HI everyone,
I have a form where user could update some feild in a database in a secure area , ( after an application.cfm login )
everything works fine if the user try to do the update once, if he tries to update anything else before loging out and in again, we receive this message
" CFID, CFTOKEN contains invalid characters" and the error occur in : sessionmanagement="yes"
Here is my application.cfm codes,
<cfapplication name="login"
clientmanagement="yes"
sessionmanagement="yes"
sessiontimeout="#createtimespan(0,0,15,0)#">
<cfset dsn="stock">
<cflogin>
<!--- If not logged in user, or login form not submitted,
include the login form--->
<cfif NOT isDefined("Form.username"
>
<cfinclude template="login.cfm">
<cfabort>
<cfelse>
<cfif IsDefined("Cookie.CFID" AND IsDefined("Cookie.CFTOKEN">
<cfset Variables.cfid_local = Cookie.CFID>
<cfset Variables.cftoken_local = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#Variables.cfid_local#">
<cfcookie name="CFTOKEN" value="#Variables.cftoken_local#">
</cfif>
<!------>
<!--- :The user has submitted the form, but either the name
or password is blank, so include the form again --->
<cfif Form.username is "" OR Form.password is "">
<cfinclude template="login.cfm">
<h3>You must enter text in both the User ID and Password fields.</h3>
<cfabort>
<cfelse>
<!--- The user has submitted name and password, check the database for
match --->
<cfquery name="qValidLogin" datasource="stock">
SELECT *
FROM tblMember
WHERE tblMember.MemberName = '#Form.username#' AND Password = '#Form.password#' </cfquery>
<!--- The user has submitted a valid name and password --->
<cfif qValidLogin.RecordCount>
<cfloginuser name="#Form.username#" password="#Form.password#" roles="#qValidLogin.Roles#">
<cfset loggedin="1">
<cfset session.userid = #qValidLogin.MemberName#>
<!--- User has submitted invalid name and/or password,
so show the form again --->
<cfelse>
<cfinclude template="login.cfm">
<h3>Your information is not valid.;Please try again.</h3>
<cfabort>
</cfif>
</cfif>
</cfif>
</cflogin>
I'm using CFMX Ver 6.1
I have a form where user could update some feild in a database in a secure area , ( after an application.cfm login )
everything works fine if the user try to do the update once, if he tries to update anything else before loging out and in again, we receive this message
" CFID, CFTOKEN contains invalid characters" and the error occur in : sessionmanagement="yes"
Here is my application.cfm codes,
<cfapplication name="login"
clientmanagement="yes"
sessionmanagement="yes"
sessiontimeout="#createtimespan(0,0,15,0)#">
<cfset dsn="stock">
<cflogin>
<!--- If not logged in user, or login form not submitted,
include the login form--->
<cfif NOT isDefined("Form.username"
> <cfinclude template="login.cfm">
<cfabort>
<cfelse>
<cfif IsDefined("Cookie.CFID"
AND IsDefined("Cookie.CFTOKEN"> <cfset Variables.cfid_local = Cookie.CFID>
<cfset Variables.cftoken_local = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#Variables.cfid_local#">
<cfcookie name="CFTOKEN" value="#Variables.cftoken_local#">
</cfif>
<!------>
<!--- :The user has submitted the form, but either the name
or password is blank, so include the form again --->
<cfif Form.username is "" OR Form.password is "">
<cfinclude template="login.cfm">
<h3>You must enter text in both the User ID and Password fields.</h3>
<cfabort>
<cfelse>
<!--- The user has submitted name and password, check the database for
match --->
<cfquery name="qValidLogin" datasource="stock">
SELECT *
FROM tblMember
WHERE tblMember.MemberName = '#Form.username#' AND Password = '#Form.password#' </cfquery>
<!--- The user has submitted a valid name and password --->
<cfif qValidLogin.RecordCount>
<cfloginuser name="#Form.username#" password="#Form.password#" roles="#qValidLogin.Roles#">
<cfset loggedin="1">
<cfset session.userid = #qValidLogin.MemberName#>
<!--- User has submitted invalid name and/or password,
so show the form again --->
<cfelse>
<cfinclude template="login.cfm">
<h3>Your information is not valid.;Please try again.</h3>
<cfabort>
</cfif>
</cfif>
</cfif>
</cflogin>
I'm using CFMX Ver 6.1