tracker issue : CF-3351039

select a category, or use search below
(searches all categories and all time range)
Title:

CFQUERY Returning Incorrect Data

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/Duplicate

Reporter/Name(from Bugbase): Ryan Peters / Ryan Peters (Ryan Peters)

Created: 10/22/2012

Components: Database

Versions: 10.0

Failure Type: Data Corruption

Found In Build/Fixed In Build: Final /

Priority/Frequency: Major / Few users will encounter

Locale/System: English / Linux All

Vote Count: 0

Duplicate ID:	CF-3369530

Problem Description:
Our application uses a proprietary session management system that allows it to seamlessly run from multiple, load-balanced servers.  The architecture has been in use for quite some time - but we've run into some issues ever since upgrading from CF9 to CF10 this summer. Specifically, when a database call is made from within a function, we're having sporadic issues with the database call returning incorrect data when the only parameter for the query is a UUID string that's passed to the function.  This caused user information to "cross over" and would show session data from one user to another user.

Steps to Reproduce:  We cannot reproduce this at will.  It seems to be a random occurrence, but happens 10-50 times per day (out of 75,000 requests).  It occurs on all affected servers, all browsers - we can't find any common thread.

Actual Result:  Every request calls "GetSessionData" from within a application-level component (functions.cfc) that's called as <cfset application.fn.GetSessionData(sessionkey)> - the function simply takes that argument, queries the database, and loops through the resultset and sets them as request-scoped variables.  What's happening, though - is that the CFQUERY that calls the database acts as if a completely different value than the used has been passed.  So the returned data is totally incorrect - it correlates to a different visitor's session information.  We added a <cfmail> block that contained a <cfdump> of the query as well as the arguments passed to the function.  The argument shows the correct value, but the dump of the query shows the different ones.

Expected Result:  The CFQUERY should use the correct value for <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#arguments.targetsessionkey#">.

Any Workarounds: We had to add code to detect when the sessionkey returned by the query did not match the arguments.targetsessionkey value.  We then execute the query AGAIN, and thus far, it returns the correct data.  We're still getting periodic reports of behavior like this, and are receiving 10-50 notices per day from the system when the condition occurs.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3351039

External Customer Info:
External Company:  
External Customer Name: TheOtherRyan
External Customer Email:  
External Test Config: My Hardware and Environment details:



System Information

Server Details

Server Product	 ColdFusion

Version	 ColdFusion 10,282913

Edition	 Standard  

Operating System	 UNIX  

OS Version	 2.6.35.4-rscloud  

Update Level	 /usr/local/coldfusion10/cfusion/lib/updates/chf10000002.jar  

Adobe Driver Version	 4.1 (Build 0001)  





JVM Details

Java Version	 1.6.0_29  

Java Vendor	 Sun Microsystems Inc.  

Java Vendor URL	http://java.sun.com/  

Java Home	 /usr/local/coldfusion10/jre  

Java File Encoding	 UTF8  

Java Default Locale	 en_US  

File Separator	 /  

Path Separator	 :  

Line Separator	 Chr(10)  

User Name	 nobody  

User Home	 /usr/src  

User Dir	 /usr/local/coldfusion10/cfusion/bin  

Java VM Specification Version	 1.0  

Java VM Specification Vendor	 Sun Microsystems Inc.  

Java VM Specification Name	 Java Virtual Machine Specification  

Java VM Version	 20.4-b02  

Java VM Vendor	 Sun Microsystems Inc.  

Java VM Name	 Java HotSpot(TM) 64-Bit Server VM  

Java Specification Version	 1.6  

Java Specification Vendor	 Sun Microsystems Inc.  

Java Specification Name	 Java Platform API Specification  

Java Class Version	 50.0  



Server Information

General Settings

Timeout requests	 Yes  

Enable Per App Settings	 Yes  

Request Time Limit	 80 seconds  

Use UUID for CFToken	 Yes  

Disable Service Factory	 No  

Protect serialized JSON	 No  

Protect Serialized JSON Prefix	 //  

Missing Template Handler	  

Site-wide Error Handler	  

Enable HTTP status codes	 Yes  

Enable Global Script Protection	 Yes  

ORMSearch Index Directory	  

Default CFForm ScriptSrc Directory	 /CFIDE/scripts/  

Google Map Key	  

Maximum size of post data	 20 MB  

Request Throttle Threshold	 4 MB  

Request Throttle Memory	 200 MB  

Request Tuning

Simultaneous request limit	 0  

CFThread Pool Size	 10  

Maximum number of report threads	 0  

Caching

Template cache size	 2500 templates  

Enable trusted cache	 No  

Cached query limit	 8000

Save Class Files	 Yes  

Client Variable Settings

Default client variable store	 Cookie  

Client Stores

Registry  

Type	 REGISTRY  

Description	 System registry.  

Purge data after time limit	 Yes  

Time limit	 90 days  

Disable global updates	 No  

Cookie  

Type	 COOKIE  

Description	 Client based text file.  

Purge data after time limit	 Yes  

Time limit	 10 days  

Disable global updates	 No  

Memory Variables

J2EE Sessions	 No  

Application Variables

Enable Application Variables	 Yes  

Default Timeout	 2,0,0,0  

Maximum Timeout	 2,0,0,0  

Session Variables

Enable session variables	 Yes  

Default Timeout	 30,0,0,0  

Maximum Timeout	 30,0,0,0  

ColdFusion Mappings

/gateway  	 /usr/local/coldfusion10/cfusion/gateway/cfc  

/CFIDE  	 /usr/local/coldfusion10/cfusion/wwwroot/CFIDE  

Mail Connection Settings

Default Server Port	 25  

Connection Timeout	 60 seconds  

Spool Interval	 15 seconds

Mail Delivery Threads	 10  

Maintain Connection to Mail Server	 No  

Max Messages Spooled to Memory	 50000  

Default CFMail Charset	 UTF-8  

Use SSL Connection	 No  

Use TLS	 No  

Default Mail Server

ww2.xxxxxxxxx.com  

Server	 ww2.xxxxxxxxx.com  

Port	 25  

Username	  

Password	  

Mail Logging Settings

Log Severity	 error  

Log all E-mail messages sent by ColdFusion	 Yes  

Charting

Cache Type	 disk images  

Maximum number of images in cache	 50 images  

Maximum number of charting threads	 4  

Disk cache location



CF data source name	 *******  

Description	  

Driver	 MSSQLServer  

JDBC URL	 jdbc:macromedia:sqlserver://*******:1433;databaseName=xxxxxxxxx;SelectMethod=direct;sendString ParametersAsUnicode=false;querytimeout=0; ;MaxPooledStatements=100  

Username	 *******  

Login timeout	 30 seconds  

Long text buffer size	 64000  

Timeout	 1200 seconds  

Maintain connections	 Yes  

Interval	 420 seconds  

Restricted SQL operations	  

Disable connections	 No

Attachments:

Comments:

Can someone please contact me - I need to remove some info from the above. Damn copy and paste...
Comment by External U.
17419 | October 22, 2012 02:18:48 PM GMT
@TheOtherRyan, Apparently you have preferred not to recieve emails from Adobe, because of which your email id is not visible. you can reach out to me at rukumar at adobe dot com.
Comment by Rupesh K.
17420 | October 23, 2012 09:52:52 AM GMT