tracker issue : CF-4196148

select a category, or use search below
(searches all categories and all time range)
Title:

cflogout not using the application token set in cflogin

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/NotABug

Reporter/Name(from Bugbase): Geoffrey Demoulin / Geoffrey Demoulin (Geoffrey Demoulin)

Created: 10/12/2016

Components: Core Runtime

Versions: 11.0

Failure Type:

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Major / All users will encounter

Locale/System: English / Windows 10 64 bit

Vote Count: 0

Problem Description:

I have an application which name contains an "@" character.

This causes issues with the cflogin function (The string COOKIE.CFAUTHORIZATION_myapp@mycompany is not a valid ColdFusion variable name.), but I've used the "applicationtoken" argument to get around the issue and used the hash of the application name.

However when trying to use the cflogout function, coldfusion throws the same exception as above and there is no way to specify the applicationtoken.

Steps to Reproduce:

1/ create an application an set the name to something like: "myapp@mycompany"
2/ In index.cfm, use the following code to log-in the user then log-off:
<cfscript>
    if(!isUserLoggedin()){
      cflogin(applicationtoken="#hash("myapp@mycompany")#"){
        cfloginuser(name="user", password="pwd", roles="user");
      }
    }

    // This will fail
    cflogout();
</cfscript>

Actual Result:

An exception occurs:
Detail 	Valid variable names must start with a letter and can only contain letter, numbers, and underscores.
ErrNumber 	0
Message 	The string COOKIE.CFAUTHORIZATION_myapp@mycompany is not a valid ColdFusion variable name. 

Expected Result:

The logout successfully occurs.

Any Workarounds:

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4196148

External Customer Info:
External Company:  
External Customer Name: Geoffrey Demoulin
External Customer Email:  
External Test Config: My Hardware and Environment details:

Attachments:

Comments:

On a side note, I don't think the cflogin should fail either, cookie names should accept special chars. Should I consider opening a ticket for this too?
Comment by External U.
1631 | October 12, 2016 08:00:26 PM GMT
Workaround: cfcookie(name="CFAUTHORIZATION_#hash(application.name)#", value="", expires="now");
Comment by External U.
1632 | October 12, 2016 08:03:31 PM GMT
Hi Geoffrey, Could you specify what all settings you have done in your Application.cfc (specifically the loginstorage). Thanks, Preethi
Comment by S P.
1633 | October 21, 2016 12:36:04 AM GMT
Hi Preethi, the loginstorage is not set in the application and should be "cookie" by default. I've restarted the coldfusion server an this error stopped happening. It might have been an issue due to a cached value and would like to withdraw the bug. Thank you.
Comment by External U.
1634 | October 23, 2016 06:06:45 PM GMT
Thanks for the confirmation Geoffrey, will be withdrawing the bug. Regards, Preethi
Comment by S P.
1635 | October 25, 2016 04:55:14 AM GMT