tracker issue : CF-3916188

select a category, or use search below
(searches all categories and all time range)
Title:

Updater 15 changes/breaks behavior of deleting cookie.cfid/cftoken

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Brian Ghidinelli / Brian Ghidinelli (Brian Ghidinelli)

Created: 01/05/2015

Components: Core Runtime

Versions: 10.0

Failure Type: Crash

Found In Build/Fixed In Build: Final / CF11 Update5,CF10 Update16

Priority/Frequency: Critical / Most users will encounter

Locale/System: English / Platforms All

Vote Count: 0

Listed in the version 11.0.05.293506 Issues Fixed doc 
Problem Description:
In Application.cfc for the last several years on CF8 and CF10, we have this line in the implicit init (e.g., outside of any functions):

        <cfif structKeyExists(cookie, "cfid")>
                <cfset structDelete(cookie, "cfid", false) />
                <cfset structDelete(cookie, "cftoken", false)>
        </cfif>

Upon installing U15, this now results in a NullPointerException.

I was told about the option in the CFAdmin to disable modification of the internal CF cookies.  On one server, it was already allowed but still I received NPEs.  On another server I updated last night, it was prohibited.  I changed the setting but I'm still getting NPEs.

This doesn't seem to happen to all users.  I was able to load the page while another user was not (and i could see the stack traces in exception.log as she loaded the page).  But, on my development laptop, it happens to me every single time and I'm the only user.

Steps to Reproduce:

Create an application.cfc with the above code before any functions are defined.  Load a page.

We've seen it in multiple browsers/platforms (Safari/Mac, Chrome and FF/Windows).

Actual Result:

NullPointerException (which, btw, does not trigger the CF Default error page so we don't get notifications or anything else when this happens..)

Expected Result:

It should delete the cookie like it used to and not throw an error.

Any Workarounds:

Removing the above code.

Stack trace:

"Error","ajp-bio-8016-exec-148","01/05/15","17:21:38",,"'' The specific sequence of files included or processed is: /var/www/pukka/main-prod1/index.cfm, line: 29 "
java.lang.NullPointerException
        at coldfusion.runtime.CFCookie.validateIfSessionCookie(CFCookie.java:143)
        at coldfusion.runtime.CFCookie.<init>(CFCookie.java:81)
        at coldfusion.runtime.CookieScope.unbindName(CookieScope.java:521)
        at coldfusion.runtime.Scope.remove(Scope.java:93)
        at coldfusion.runtime.Struct.StructDelete(Struct.java:279)
        at coldfusion.runtime.CFPage.StructDelete(CFPage.java:3989)
        at cfApplication2ecfc1652703925.runPage(/var/www/pukka/main-prod1/Application.cfc:29)
        at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:244)
        at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47)

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3916188

External Customer Info:
External Company:  
External Customer Name: brianatvfive
External Customer Email:  
External Test Config: My Hardware and Environment details:



Happens on Windows and RHEL with JVMs 1.7.0u65 and u71 with CF10 U15

Attachments:

Comments:

at coldfusion.runtime.TemplateProxyFactory.resolveComponentHelper(TemplateProxyFactory.java:538) at coldfusion.runtime.TemplateProxyFactory.resolveName(TemplateProxyFactory.java:248) at coldfusion.runtime.TemplateProxyFactory.resolveName(TemplateProxyFactory.java:159) at coldfusion.runtime.TemplateProxyFactory.resolveFile(TemplateProxyFactory.java:120) at coldfusion.cfc.CFCProxy.<init>(CFCProxy.java:138) at coldfusion.cfc.CFCProxy.<init>(CFCProxy.java:84) at coldfusion.runtime.AppEventInvoker.<init>(AppEventInvoker.java:64) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:232) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:180) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:422) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:199) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
Comment by External U.
9134 | January 05, 2015 12:16:39 PM GMT
To be clear, I have two machines exhibiting this behavior, one is a Windows 7 Development laptop and another is our production RHEL box with two instances, both showing this behavior, on one physical machine. But I also have one machine, a CentOS staging server which is NOT exhibiting this behavior at the moment. To add to the mix, on ONE of the instances on the production server, the admin can no longer load the top nav or the "updates" screen. It triggers this error: The system has attempted to use an undefined value, which usually indicates a programming error, either in your code or some system code. Null Pointers are another name for undefined values. The error occurred in E:/cf10_final/cfusion/wwwroot/CFIDE/administrator/topnav.cfm: line 473 -1 : Unable to display error's location in a CFML template. Resources: Check the ColdFusion documentation to verify that you are using the correct syntax. Search the Knowledge Base to find a solution to your problem. Browser Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Remote Address 24.5.60.59 Referrer Date/Time 05-Jan-15 06:23 PM Stack Trace at cftopnav2ecfm1518128268.runPage(E:/cf10_final/cfusion/wwwroot/CFIDE/administrator/topnav.cfm:473) java.lang.NullPointerException at coldfusion.server.UpdateService.init(UpdateService.java:122) at coldfusion.server.UpdateService.<init>(UpdateService.java:113) at coldfusion.server.UpdateService.getInstance(UpdateService.java:168) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at coldfusion.runtime.java.JavaProxy.invoke(JavaProxy.java:97) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2428) at cftopnav2ecfm1518128268.runPage(E:\cf10_final\cfusion\wwwroot\CFIDE\administrator\topnav.cfm:473) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:244) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:446) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.IpFilter.invoke(IpFilter.java:64) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:451)
Comment by External U.
9135 | January 05, 2015 01:09:23 PM GMT
(con'td) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at coldfusion.filter.ClickjackingProtectionFilter.doFilter(ClickjackingProtectionFilter.java:75) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:180) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:422) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:199) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
Comment by External U.
9136 | January 05, 2015 01:09:32 PM GMT
Hi brianatvfive, Could you confirm if unchecking the following setting, on CF Admin's Memory Variables page, resolves the issue?: "Disable updating ColdFusion internal cookies using ColdFusion tags/functions." Adobe, a more user-friendly error (instead of NULL pointer) should be thrown - similar the following error which is thrown in CF11 Update 3 when the code in the description is ran in a .cfm and when that CF Admin setting is enabled: ----------- Failed to set cookie. ColdFusion is unable to add the cookie you specified to the response. This is probably because you have used it to set one of the ColdFusion Session Cookies or Authentication cookie. Please use Application/Server level configuration for this. ----------- Thanks!, -Aaron
Comment by External U.
9137 | January 07, 2015 04:21:26 AM GMT
Aaron - that option is already unchecked. For fun, I checked, saved and unchecked it, no change in behavior.
Comment by External U.
9138 | January 08, 2015 12:05:32 AM GMT
Hi brianatvfive, Thanks for confirming that. For me, I only get that error when that option is checked. And that's consistent for me on CF10 Update 15 and CF11 Update. Adobe, I see this ticket is marked ToFix. Were you able to repro the NullPointerException? I'm just curious what exactly is being fixed. Thanks!, -Aaron
Comment by External U.
9139 | January 08, 2015 04:47:02 AM GMT
"CF10 Update 15 and CF11 Update" should've been "CF10 Update 15 and CF11 Update 3"
Comment by External U.
9140 | January 08, 2015 04:47:33 AM GMT
Hi Aaron, we are able to repro the issue using the given code snippet by placing it in application.cfc body (outside of functions).
Comment by S V.
9141 | January 08, 2015 05:51:41 AM GMT
Fix will be available in the upcoming coldfusion update.
Comment by S P.
9142 | January 29, 2015 01:11:36 AM GMT
The fix for this bug is available in the pre-release build of ColdFusion 11 Update 5 and ColdFusion 10 Update 16
Comment by CFwatson U.
9143 | February 20, 2015 09:24:00 AM GMT
I've verified this is fixed in CF11 Update 5 (build 11,0,05,293506). Thanks!, -Aaron
Comment by External U.
9144 | September 04, 2015 08:49:53 PM GMT