August 31 2006 by
Andrew Powell
I ran into a problem yesterday where, when using a SSL accelerator, which talks HTTPS to the browser and plain ol' HTTP to the server cluster, the site was mysteriously cutting over to a HTTP version of the site thereby losing all the user's cookies which were set while using SSL.
Using
Service Capture, I was able to see that the server was throwing a
301 code then redirecting to HTTP instead of HTTPS.
It turns out that if you have URL in the fashion of "http://www.mydomain.com/subDir", IIS looks for the file "subDir" first. IF it cannot find the file, it will do a "courtesy redirect" to "http://www.mydomain.com/subDir/".
Since the server is so kind to redirect like that and, it thinks it's talking HTTP because the SSL accelerator is doing the SSL between the cluster and the browser, the server redirects to a HTTP location, not a HTTPS location. This is called a
courtesty redirect. Thanks Microsoft.
Posted in ColdFusion | General | IIS | 
1 comments
August 28 2006 by
Andrew Powell
I am currently working on a project that will allow you to bypass pieces of business logic in either a cfc, a Mach-II listener or a Mach-II event and output the rendered content that has been cached.
This evolved out of a re-tooling of SuperCache. Originally, it was only for use within CFCs, but I decided to worm it into Mach-II. Now, it is multifunctional, being able to be used within CFC's or within the Mach-II framework.
I am putting the finishing polish on it and should have it out sometime soon.
Posted in ColdFusion | Caching | Mach-II | 1 comments
August 25 2006 by
Andrew Powell
One of the great things about ColdFusion is its versatility. You can use a CFC as an object or you can expose it as a web service. All you have to do is change your functions' access to "remote". This however, opens up a bit of a security hole. If you set access to "remote", then that same function can be accessed via a direct URL or via posting from a form. If the intention is purely as a web service, this is not a good thing to have exposed.
Enter the often over looked function: isSOAPRequest().
<cfif isSOAPRequest()>
...Do Something...
<cfelse>
...Throw an error...
</cfif>
This nifty little function will help you filter out non-SOAP requests to your method and enable you to ensure only SOAP based requests (invocation via web service) are served.
Since you read the documentation, you already knew this one though, right?
Posted in ColdFusion | General | 4 comments
August 24 2006 by
Andrew Powell
This song has been stuck in my head all day long.
What Would Brian Boitano Do? - Some NSFW language. Come on, it's South Park...
The Answer
Posted in General | 0 comments
August 23 2006 by
Andrew Powell
This is an open post to Mark and anyone else working on the CFE project.
What could be done to integrate Spry development into CFE? I think it has been shown lately how closely Spry and CF are going to be related. Spry is the perfect AJAX front-end for CF. Any way that CFE could make Spry development easier would be much welcome.
Is this a a valid request or should there be a completely separate Spry plugin for Eclipse? I know there is Spry integration planned for DreamWeaver, but it would be nice to have in Eclipse as well.
Posted in ColdFusion | General | CFEclipse | Spry | Adobe | 4 comments