• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Client Variable Storage in Multi-Server Setup

Explorer ,
Dec 07, 2017 Dec 07, 2017

Copy link to clipboard

Copied

Hi,

We have 4 ColdFusion Standard Edition servers.  I would like to set all of them to use database for Client Variable Storage - and use the same Datasource.

We use UUID for generating CFTOKEN.  Since I am using the same datasource, will it be possible that one server will create same CFID/CFTOKEN as another server?  Remember, that these are Standard Edition servers.  My main concern is that Server 1 creates a set of CFID/CFTOKEN.   Some days later, Server 2 creates the same set of tokens and ends up sharing another users data that had previously logged on to Server 1.

Thanks!

Views

235

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Community Expert , Dec 07, 2017 Dec 07, 2017

This should not be an issue, because UUIDs are supposed to be "universally unique" even across multiple machines. UUID generation algorithms should create UUIDs that are, according to the RFC, "unique across both space and time, with respect to the space of all UUIDs". The CFIDs may well overlap, but the CFTOKENs should not.

http://www.ietf.org/rfc/rfc4122.txt

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate
Community Expert ,
Dec 07, 2017 Dec 07, 2017

Copy link to clipboard

Copied

This should not be an issue, because UUIDs are supposed to be "universally unique" even across multiple machines. UUID generation algorithms should create UUIDs that are, according to the RFC, "unique across both space and time, with respect to the space of all UUIDs". The CFIDs may well overlap, but the CFTOKENs should not.

http://www.ietf.org/rfc/rfc4122.txt

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 07, 2017 Dec 07, 2017

Copy link to clipboard

Copied

Thanks for the info Dave!   Can overlapping CFIDs be a security issue?  I believe ColdFusion uses combination of CFID and CFTOKEN, but just want to be sure.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Dec 07, 2017 Dec 07, 2017

Copy link to clipboard

Copied

No, those shouldn't be an issue. They're too small to be used by themselves as a unique value.

Dave Watts, CTO, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 07, 2017 Dec 07, 2017

Copy link to clipboard

Copied

LATEST

Thanks Dave!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation