tracker issue : CF-3849152

select a category, or use search below
(searches all categories and all time range)
Title:

[ANeff] Bug for: CF sessions vs J2EE sessions (session loss) when using urlSessionFormat()

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Aaron Neff / Aaron Neff (Aaron Neff)

Created: 11/08/2014

Components: Core Runtime, Session Management

Versions: 11.0

Failure Type:

Found In Build/Fixed In Build: CF11_Final / CF11 Update5

Priority/Frequency: Normal / Few users will encounter

Locale/System: English / Win All

Vote Count: 0

Listed in the version 11.0.05.293506 Issues Fixed doc 
Sessions are maintained w/ CF sessions but not maintained w/ J2EE sessions in 3 scenarios.

Repro:

1) <a href="#urlSessionFormat('')#" target="_blank">open current page into new tab/window</a>

With CF sessions (expected and actual - good): <a href="?CFID=X&CFTOKEN=Y" target="_blank">
With J2EE sessions (expected): <a href=";jsessionid=X" target="_blank">
With J2EE sessions (actual - bad): <a href="http://www.foo.com/;jsessionid=X" target="_blank">

To fix: Revert to pre-CF11 behavior b/c this is a regression and the _only_ case when urlSessionFormat() includes the scheme and domain.

2) <a href="#urlSessionFormat('##anchor')#" target="_blank">open current page into new tab/window and jump to anchor</a>

With CF sessions (expected and actual - good): <a href="?CFID=X&CFTOKEN=Y#anchor" target="_blank">
With J2EE sessions (expected): <a href=";jsessionid=X#anchor" target="_blank">
With J2EE sessions (actual - bad): <a href="#anchor" target="_blank">

To fix: If urlSessionFormat()'s parameter begins w/ a #, then prepend jsessionid to the #.

3) <a href="#urlSessionFormat('?param=value')#" target="_blank">open current page into new tab/window w/ parameters</a>

With CF sessions (expected and actual - good): <a href="?param=value&CFID=X&CFTOKEN=Y" target="_blank">
With J2EE sessions (expected): <a href=";jsessionid=X?param=value" target="_blank">
With J2EE sessions (actual - bad): <a href="?param=value" target="_blank">

To fix: If urlSessionFormat()'s parameter begins w/ a ?, then prepend jsessionid to the ?.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3849152

External Customer Info:
External Company:  
External Customer Name: itisdesign
External Customer Email:

Attachments:

Comments:

The fix will be available in the upcoming coldfusion update.
Comment by S P.
10218 | January 29, 2015 12:55:52 AM GMT
Hi Preethi, Thanks very much! It will be in Update 4? Or -after- Update 4? -Aaron
Comment by External U.
10219 | January 29, 2015 04:17:24 AM GMT
It will be available after update 4.
Comment by S P.
10220 | January 29, 2015 05:09:14 AM GMT
Thanks Preethi! -Aaron
Comment by External U.
10221 | January 30, 2015 06:36:58 AM GMT
The fix for this bug is available in the pre-release build of ColdFusion 11 Update 5
Comment by CFwatson U.
10222 | February 20, 2015 09:23:57 AM GMT