[thelist] CF: cflocation/cfcookie workaround

[Joshua Olson]

Hey Frank,

Sure, no prob.  CFLOCATE has a nasty habit of stripping everything out of
the datastream before it does the relocation.  I'm sure that is the
intentional behavior so that nothing seems to happen on the clients browser
to give away the relocation actually occurred.  The solution is to simply
not use cflocate.  You can hand craft a relocation by adding two headers to
the outgoing datastream manually.

<cfheader statuscode="302" statustext="Object Temporarily Moved">
<cfheader name="location" value="http://your.domain.com">

: Is there a reliable way to expire the CFID and CFTOKEN cookies that
: may not involve cfcookie? Note: simply setting them to '' or
: deleteClientVariable() makes lots of things break.

Yes.  It is probably better not to rely on the existence of CFTOKEN and CFID
to determine if the session is active.  Set a third session variable to make
that designation.  For example, when they first log in you could set it to
#CFTOKEN# & #CFID#  If this variable exists and matches, then the session is
still ok.  When the session ends, simply clear this variable by setting it
to empty string.  The variable exists (which means they once had a valid
session), but is invalid since it does not match cfid and cftoken, which
means they are not presently engaged in a valid session.

If you play this right, you will not have to worry about overwriting the
clients cookies to end the session.

HTH,
-joshua

----- Original Message -----
From: "Frank" <framar at interlog.com>
Subject: [thelist] CF: cflocation/cfcookie workaround


:
: Argh! It came and bit me on the butt today. Does anyone know if there
: is a work around for the bug in Cold Fusion server 4.5x that makes
: cflocation and cfcookie incompatible? I can't afford to trust the
: user to be using javascript on this function.