jrun

We need to ensure that all cookies on a CF7 site are set as HttpOnly. We are using jsessionid to control our sessions, and JRun does not create this as HttpOnly. Whilst it is possible to modify an existing cookie to add this setting, we need to have it set to HttpOnly from the start. Any suggestions? Related Question: Setting Secure flag for HTTPS cookies. Salazar Mubarak From: http://www.petefreitag.com/item/764.cfm Running CF 8 or Lower and using Application.cfc <cfcomponent> <cfset this.sessionmanagement = true> <cfset this.setclientcookies = false> <cffunction name="onSessionStart">

I've inherited a pretty ancient JSP application (JDK 1.3.1_15) and am attempting to plug a session fixation hole. I'm successfully invalidating the current session after authentication using HttpSession.invalidate() however when the new session is created, the old session ID is re-used. <% // login.jsp if (authenticated) { request.getSession().invalidate(); // create new session and store data HttpSession session = request.getSession(); session.putValue(...); // etc response.sendRedirect("logged-in.jsp"); return; } %> I can see the new session assignment in my HTTP monitor, it's just using the

As part of upgrading JRun, we are moving from a 1.4 JVM to a 1.6 JVM. Now I am getting a really strange oracle db error: "OALL8 is in an inconsistent state". I have pinned down the problem to insert queries that do not use bind variables at all - all inline parameters. If I run the query without any bind variables, I get the above error. As soon as I replace one of the hard coded values with a bind variable - everything works without error. The other strange bit is that after executing the query, it is in fact committed to the database. I can connect from another session and see the inserted

I'm running CF 9.0.1 on Ubuntu on an "Medium" Amazon EC2 instance. CF has been seizing-up intermittently (several times per day...but notably not isolated to hours of peak usage). At such times, running top gets me this (or something similar): PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+COMMAND 15855 wwwrun 20 0 1762m 730m 20m S 99.3 19.4 13:22.96 coldfusion9 So, it's obviously consuming most of the server resources. The following error has been showing up in my cfserver.log in the lead-up to each seize-up: java.lang.RuntimeException: Request timed out waiting for an available thread to run.