CFHTTP Cookie Issue


I'm having (what I believe to be) a cookie problem with cfhttp under Railo-Express-4.1.1.009.

My code performs a two-step HTTP call. The first step performs authorization with the remote application. If successful, the remote server returns an authorization cookie, which is extracted and passed to the second call like so:

<cfhttp url="http://remoteserver/targetPath" port="xxxx" method="get" result="Local.response" throwonerror="true" redirect="false">
       <cfhttpparam name="Action" value="Ping" type="URL" />
       <cfhttpparam name="mansession_id" value="#Local.result.authCookie#" type="cookie" />
</cfhttp>

The http call is successful, but the response essentially says I'm not authorized. (That's what "permission denied" actually means in this context).

<response='Error' message='Permission denied'... />

However, the exact same code (run from the same box) succeeds with CF9:

<response='Success' ping='Pong' ... />

I double checked the response headers from the first cfhttp call, and verified I'm passing the correct #Local.result.authCookie# value to the second call:

  • CFHTTP Result = set-cookie : mansession_id="932a4086";
  • Local.result.authCookie = AUTHCOOKIE string 932a4086

Since everything is the same, other than the engine running the cfml, I've concluded cfhttp probably isn't passing the cookie properly. I've tried a number of things, but I'm out of ideas at this point. Any ideas on how to resolve the problem or further troubleshoot it would be greatly appreciated.

Update:

I decided to try different versions of Railo (since the Express versions make it so easy) and found that the code works under 3.3.3.001 (but not 4.0.4.001). So something must be broken in 4.x.

1

There is 1 answer

3
barnyr On BEST ANSWER

I would install Fiddler and then add the proxyServer=localhost and proxyPort=8888 attributes to the CFHTTP call. You can then watch the HTTP requests go out through Fiddler. If your CF server is on another box, you can still run Fiddler on your desktop, just turn on 'Allow other machines to connect' in Fiddler's settings and provide your machine name instead of localhost in the proxyServer attribute.

You're in the great situation that you can make it work in some environments and not others, so you ought to be able to see what's happening differently.

You can either compare the http requests manually, or configure Fiddler to use a diffing tool. Select two requests, then right-click->compare. I highly recommend Beyond Compare 3 from Scooter Software as a diffing tool.

Do update your question with what you find, as I'd like to know the outcome.
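
The request comparison suggested in the answer above can also be scripted once both requests have been saved from the proxy as raw text. This is an added example, not code from the question or the answer; the function names and the two sample requests are constructed for illustration and are not real captures from Railo or CF9.

```python
def parse_request(raw):
    """Split a raw HTTP request into (request_line, headers, cookies)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.strip().split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for pair in headers.get("cookie", "").split(";"):
        if "=" in pair:
            key, _, value = pair.strip().partition("=")
            # Keep the value byte-for-byte: quoting or URL-encoding
            # differences are exactly what the comparison must surface.
            cookies[key] = value
    return lines[0].strip(), headers, cookies


def diff_requests(raw_a, raw_b):
    """Return (field, value_in_a, value_in_b) for every field that differs."""
    line_a, hdr_a, ck_a = parse_request(raw_a)
    line_b, hdr_b, ck_b = parse_request(raw_b)
    diffs = []
    if line_a != line_b:
        diffs.append(("request-line", line_a, line_b))
    for name in sorted(set(hdr_a) | set(hdr_b)):
        if name != "cookie" and hdr_a.get(name) != hdr_b.get(name):
            diffs.append(("header:" + name, hdr_a.get(name), hdr_b.get(name)))
    # Cookies are compared per name so one changed value is not hidden
    # inside a long Cookie header.
    for name in sorted(set(ck_a) | set(ck_b)):
        if ck_a.get(name) != ck_b.get(name):
            diffs.append(("cookie:" + name, ck_a.get(name), ck_b.get(name)))
    return diffs


# Constructed samples (hypothetical): same call from two engines.
SAMPLE_A = ("GET /targetPath?Action=Ping HTTP/1.1\r\nHost: remoteserver\r\n"
            "User-Agent: engine-a\r\nCookie: mansession_id=932a4086\r\n\r\n")
SAMPLE_B = ("GET /targetPath?Action=Ping HTTP/1.1\r\nHost: remoteserver\r\n"
            "User-Agent: engine-b\r\nCookie: mansession_id=\"932a4086\"\r\n\r\n")

if __name__ == "__main__":
    for field, a, b in diff_requests(SAMPLE_A, SAMPLE_B):
        print(f"{field}: {a!r} != {b!r}")
```

Header names are lower-cased before comparison, so only differences in presence or value are reported.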