WARNING! - Disabling clientManagement in cfapplication tag breaks cflocation

This one had me banging my head against the wall for a while...

Upon the recommendation of Adobe Technical support, we set the clientmanagement attribute within the cfapplication tag within a number of our applications to "no" (from the previous value of "yes") due to problems with stability of ColdFusion on a server receiving high levels of traffic.

He said to disable client management unless we were making use of client variables within our application.

According to the documentation for the cfapplication tag:

Attribute Req/Opt Default Description
clientManagement Optional no
  • yes: enables client variables.
  • no

The only documented impact of disabling clientmanagement is to disable client variables.

However:

If we head over to the documentation for the cflocation tag:

Attribute Req/Opt Default Description
addToken Optional   clientManagement must be enabled (see cfapplication).
  • yes: appends client variable information to URL.
  • no

We can see that disabling clientmanagement also prevents the token from being appended to cflocation redirects.

This is surely a bug (albeit a poorly documented feature).

We have no need of using client variables - but the cfid / cftoken values are used for session management as well - and having them on the url is essential for cross-domain / same application re-directs.

Comments
You can do your own cflocation by doing something like this:

<cfheader statuscode="302" statustext="Moved Temporary" />
<cfheader name="Location" value="#redirectUrl#" />
<cfabort>

Whereas redirectUrl is the complete url with CFID and CFToken. Be sure to do a cfabort afterwards or the page will continue to process.
# Posted By Peter J. Farrell | 23/08/07 13:06
I do not believe you are correct. I have never seen this issue. I just did a quick test and the token was correctly added when clientmanagement was off and session management was on. You did turn sessionmanagement on, right?
# Posted By Raymond Camden | 23/08/07 13:26
Ray is right. If you turn off sessions and client variables there is no token to add, and you wouldn't even need it. It's not broken, that's proper behavior. If you don't have sessions or client variables enabled then you should remove your addToken attribute.
# Posted By TJ Downes | 23/08/07 15:20
@Peter

We could just add the CFID and CFToken manually to the URL parameter and continue using CFLocation for that matter, now we know the problem exists...

@Ray & @TJ Downes

<cfapplication name="[AppName]"
   clientmanagement="No"
   sessionmanagement="Yes"
   sessiontimeout="#createtimespan(1,0,0,0)#">

Session Management is enabled.

This definitely is the behaviour we experience using ColdFusion MX 7,0,2,142559 - maybe this has been fixed in later versions?

I had never seen this issue before (but I have not been looking for it) - and on our systems it is consistently reproducible.

If what you are saying were correct, then the documentation for CFLocation would be incorrect.
# Posted By Dan Lancelot | 23/08/07 18:24
Dan,

I NEVER use client variables and have never had an issue with CFLOCATION. What issues are you seeing?

Gus
# Posted By Gus | 23/08/07 22:02
@Gus

When clientmanagement is set to false in the cfapplication tag, cfid and cftoken parameters are not appended to cflocation redirections, even when addtoken is set to true on the cflocation tag.
# Posted By Dan Lancelot | 24/08/07 19:19
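The workaround raised in the comments above (appending CFID and CFTOKEN to the redirect URL yourself and keeping cflocation), as an added example that is not code from the post or from any commenter. It assumes session management is enabled; allowedHosts, targetUrl and the host names are hypothetical, and the host check is there because a URL carrying the session identifiers should only ever be sent to hosts that belong to the application.

```cfml
<!--- Added example. allowedHosts, targetUrl and the host names are hypothetical. --->
<cfset allowedHosts = "www.example.com,shop.example.net">
<cfset targetUrl = "https://shop.example.net/basket.cfm?step=2">

<!--- Parse the host with java.net.URL rather than string matching, so
      userinfo or path tricks in the URL cannot fool the comparison. --->
<cfset targetHost = createObject("java", "java.net.URL").init(targetUrl).getHost()>

<!--- Only hosts of this application may receive CFID/CFTOKEN. --->
<cfif NOT listFindNoCase(allowedHosts, targetHost)>
    <cfthrow type="Redirect.HostNotAllowed"
             message="Redirect target is not one of the application's hosts.">
</cfif>

<!--- Refuse CR/LF so the value cannot split the Location header. --->
<cfif find(chr(13), targetUrl) OR find(chr(10), targetUrl)>
    <cfthrow type="Redirect.InvalidUrl"
             message="Redirect target contains a line break.">
</cfif>

<!--- session.urlToken holds the CFID=...&CFTOKEN=... pair for the
      current session; join it with ? or & depending on the target. --->
<cfif find("?", targetUrl)>
    <cfset redirectUrl = targetUrl & "&" & session.urlToken>
<cfelse>
    <cfset redirectUrl = targetUrl & "?" & session.urlToken>
</cfif>

<!--- addtoken="no": the token is already part of redirectUrl. --->
<cflocation url="#redirectUrl#" addtoken="no">
```

Identifiers placed in a URL end up in browser history, proxy and web server logs and Referer headers, so keep this to the same-application redirects that actually need it.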