2007-08-04 11:00  brian

	* NEW VERSION: 2.0

	Added new CFC-based version provided by Jason Baker:
	  * Session spy makeover
	  * Cookie prefixes allow use in more than one app per server
	  * Include tag to solve known issues with cflocation

	Component-based version eliminates the session clearing script
	and instead cleans up in the check() function. This eliminates
	the concern of many hosting companies about a script scheduled
	to run every minute.

2000-09-13 10:04  brian

	* README: Modified README to note the existence of THEORY and cut
	and paste the caveats over to the THEORY file as well.

2000-09-13 10:04  brian

	* THEORY: Added the file THEORY, it contains information about
	running rsession including caveats (such as with CFLOCATION). At
	the moment, it primarily addresses concerns about the security of
	sessions that default to CFID with a value of 0. Out-of-the-box,
	that doesn't provide much security so we changed it to use a
	six-digit random number which now provides security equal to that
	of the default Allaire session management.

2000-09-13 09:43  brian

	* code/Application.cfm: Per Jordan Clark's concerns, modified the
	_default_ CFID to instead be a six-digit random number. The
	rsession framework (out of the box) now mimics Allaire's session
	scope without the locking and failover issues.

	Our first application of the rsession framework was in an
	entertainment site where security wasn't an issue (the worst that
	could happen was a user could win prizes for another user
	*gasp!*). Jordan brought up some good points, however, that
	sessions could fairly easily be snarfed with the default setup
	since UUIDs are somewhat sequential.

	To create more secure sessions by default, we now initialize the
	CFID to a random six-digit number. This now mimics Allaire's
	framework in 4.5 with optional UUID CFTOKENs and should provide
	for "fairly" secure sessions.

2000-09-09 15:38  brian

	* presentation/: 0.html, 1.html, 10.html, 11.html, 12.html,
	2-1.html, 2-2.html, 2.html, 3.html, 4.html, 5.html, 6.html,
	7.html, 8.html, 9.html, bacfug.css, index.html, logo_vfive.gif:
	Added directory /presentation to rsession, this contains my
	presentation at the Bay Area Cold Fusion User Group (BACFUG) in
	August of 2000.

2000-09-08 22:58  brian

	* README: Modified README with new information and a caveat about
	using rsession with cflocation.

2000-09-08 22:56  brian

	* ChangeLog: Created ChangeLog generated by Kogel's cvs2cl.pl

2000-09-08 22:48  brian

	* code/: session_check_example.cfm, session_clean_example.cfm,
	session_create_example.cfm: Moved these files to the example
	directory.

2000-09-08 22:43  brian

	* example/: session_check_example.cfm, session_create_example.cfm:
	Modified example tags CFCOOKIE to use domain=".somedomain.com"
	parameter.

2000-09-08 22:40  brian

	* code/Application.cfm: Modified CFCOOKIE to use
	domain=".somedomain.com" parameter. Crucial to proper operation
	across a cluster of machines.

2000-09-08 22:39  brian

	* INSTALL: Made note about modifying Application.cfm with proper
	request.dsn and domain=".backslap.com" during install

2000-09-08 22:36  brian

	* INSTALL, TODO: Broke down README into more intelligible and
	standardized INSTALL and TODO files.

2000-09-08 22:30  brian

	* code/session_clean.cfm: Removed unnecessary Sybase-specific
	convert statements in qrySelectDeadSessions.

2000-09-08 22:30  brian

	* code/: session_create.cfm, session_save.cfm: Updated references
	to COOKIE.CFID to include val(COOKIE.CFID) to protect against
	malicious SQL hacks.

2000-09-08 22:27  brian

	* example/: session_check_example.cfm, session_clean_example.cfm,
	session_create_example.cfm: Moved these files from /code
	subdirectory into /example subdirectory for cleanliness of
	distribution.

2000-09-08 22:25  brian

	* code/: Application.cfm, OnRequestEnd.cfm, session_check.cfm,
	session_clean.cfm, session_create.cfm, session_save.cfm,
	session_spy.cfm: Update comment header in each file to point to
	rsession directory and changed word "tag" to "framework" in
	description.

2000-09-08 22:20  brian

	* code/session_check.cfm: Added a val() around COOKIE.CFID to
	protect against malicious SQL inserts.

2000-09-08 21:39  brian

	* README, code/Application.cfm, code/OnRequestEnd.cfm,
	code/session_check.cfm, code/session_check_example.cfm,
	code/session_clean.cfm, code/session_clean_example.cfm,
	code/session_create.cfm, code/session_create_example.cfm,
	code/session_save.cfm, code/session_spy.cfm,
	sql/tblLookupSession.sql: Starting RSESSION source management

2000-09-08 21:39  brian

	* README, code/Application.cfm, code/OnRequestEnd.cfm,
	code/session_check.cfm, code/session_check_example.cfm,
	code/session_clean.cfm, code/session_clean_example.cfm,
	code/session_create.cfm, code/session_create_example.cfm,
	code/session_save.cfm, code/session_spy.cfm,
	sql/tblLookupSession.sql: Initial revision