Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

CFLocation adds token when addToken is omitted and does not add as a query

Description

We received reports that some users where receiving a 404 under a very specific set of circumstances. In the end, the culprit was a `<CFLOCATION>` tag that was missing the `addToken` attribute. Only during these less than common circumstances `<CFLOCATION>` was appending the URL with `;JSESSION=`, not `?JSESSION=`. Further, the semicolon was encoded in the URL `www.somewebsite.com/somefile.cfm%3BJESSION=sometoken?URLquery=someURLparameter`.

To reproduce on Chrome on Mac:

  • Close any tabs that are associated with the offending website

  • DO NOT CLOSE Chrome

  • Click on the three dots in the upper right to open the dropdown

  • Select 'More Tools'

  • Select 'Clear Browser Data...'

  • In the new tab that opens there is a modal

  • Select to clear Cookies, Browsing History, and Cache

  • Click Clear Data

  • Now close the Chrome browser (shut down Chrome entirely)

  • Reopen Chrome

  • In any NEW tab navigate to the offending website's page

One note: for our configuration, if we navigated to the offending page and typed the URL without the `www.` the issue did not happen.

Environment

None

Activity

Show:

Pothys - MitrahSoft 6 February 2025 at 11:38

I have investigated this with Lucee version 6.2.0.314-SNAPSHOT. When I executed the cflocation tag with and without the addToken attribute (<cflocation url="test.cfm" addToken="false"> and <cflocation url="test.cfm">), I encountered no issues, and it worked fine. Therefore, I am going to close this ticket. If the issue occurs in any scenario, we can reopen the ticket

Zac Spitzer 15 June 2021 at 16:12

AddToken defaults to true, with lucee 6 it now will default to false

Pothys - MitrahSoft 15 June 2021 at 15:11

Did you saw my above comment? Please check and report here back.

Pothys - MitrahSoft 14 August 2020 at 10:56

, did you check with latest snapshot? please check and report here back. It'll help to improve the status of the ticket.

Zac Spitzer 30 October 2019 at 18:30

is it reproducible with the latest snapshot?

Fixed

Details

Assignee

Reporter

Priority

Labels

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Created 30 October 2019 at 16:28
Updated 6 February 2025 at 11:39
Resolved 6 February 2025 at 11:38