Highlighted

Client Variable Storage in Multi-Server Setup

New Here ,
Dec 07, 2017

Copy link to clipboard

Copied

Hi,

We have 4 ColdFusion Standard Edition servers.  I would like to set all of them to use database for Client Variable Storage - and use the same Datasource.

We use UUID for generating CFTOKEN.  Since I am using the same datasource, will it be possible that one server will create same CFID/CFTOKEN as another server?  Remember, that these are Standard Edition servers.  My main concern is that Server 1 creates a set of CFID/CFTOKEN.   Some days later, Server 2 creates the same set of tokens and ends up sharing another users data that had previously logged on to Server 1.

Thanks!

Adobe Community Professional
Correct answer by Dave Watts | Adobe Community Professional

This should not be an issue, because UUIDs are supposed to be "universally unique" even across multiple machines. UUID generation algorithms should create UUIDs that are, according to the RFC, "unique across both space and time, with respect to the space of all UUIDs". The CFIDs may well overlap, but the CFTOKENs should not.

http://www.ietf.org/rfc/rfc4122.txt

Dave Watts, CTO, Fig Leaf Software

Views

136

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Client Variable Storage in Multi-Server Setup

New Here ,
Dec 07, 2017

Copy link to clipboard

Copied

Hi,

We have 4 ColdFusion Standard Edition servers.  I would like to set all of them to use database for Client Variable Storage - and use the same Datasource.

We use UUID for generating CFTOKEN.  Since I am using the same datasource, will it be possible that one server will create same CFID/CFTOKEN as another server?  Remember, that these are Standard Edition servers.  My main concern is that Server 1 creates a set of CFID/CFTOKEN.   Some days later, Server 2 creates the same set of tokens and ends up sharing another users data that had previously logged on to Server 1.

Thanks!

Adobe Community Professional
Correct answer by Dave Watts | Adobe Community Professional

This should not be an issue, because UUIDs are supposed to be "universally unique" even across multiple machines. UUID generation algorithms should create UUIDs that are, according to the RFC, "unique across both space and time, with respect to the space of all UUIDs". The CFIDs may well overlap, but the CFTOKENs should not.

http://www.ietf.org/rfc/rfc4122.txt

Dave Watts, CTO, Fig Leaf Software

Views

137

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Dec 07, 2017 0
Adobe Community Professional ,
Dec 07, 2017

Copy link to clipboard

Copied

This should not be an issue, because UUIDs are supposed to be "universally unique" even across multiple machines. UUID generation algorithms should create UUIDs that are, according to the RFC, "unique across both space and time, with respect to the space of all UUIDs". The CFIDs may well overlap, but the CFTOKENs should not.

http://www.ietf.org/rfc/rfc4122.txt

Dave Watts, CTO, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 07, 2017 1
New Here ,
Dec 07, 2017

Copy link to clipboard

Copied

Thanks for the info Dave!   Can overlapping CFIDs be a security issue?  I believe ColdFusion uses combination of CFID and CFTOKEN, but just want to be sure.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 07, 2017 0
Adobe Community Professional ,
Dec 07, 2017

Copy link to clipboard

Copied

No, those shouldn't be an issue. They're too small to be used by themselves as a unique value.

Dave Watts, CTO, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 07, 2017 1
New Here ,
Dec 07, 2017

Copy link to clipboard

Copied

Thanks Dave!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 07, 2017 0