Archive for July, 2003

Using ColdFusion Server Variables

Most of you probably know that you can get a lot of information about your server environment from the implicit “server” variable scope, however what is not so obvious is why this information is useful. First of all, here is everything you can find out, and their values on my weblog server:

Continue reading…

Running Macromedia Pollster on IIS

First of all, Macromedia Pollster is a new sample application included on DRK 4 that allows you to create and embed fully functional, single-question polls into a web page in no more than few minutes (see the poll to the right). In fact, it regularly takes me longer to think of poll question and options than to actually create and deploy the poll.

Pollster has a ColdFusion administrative interface for creating, editing, deleting and viewing polls and poll results. The poll itself is implemented in Flash. After creating a poll, all you have to do is copy and paste the generated Flash tags into your web page, and your poll is live.

The Pollster administrative application has a form of simple security which uses HTTP browser authentication to collect a username and password and compare it to a hard-coded, hashed username and password in your Application.cfm file. Unfortunately, this doesn’t work with some IIS configurations because no matter what you type in as your username, your Windows username gets passed to the server. There are a couple of different ways to fix this.

  1. Change the hard-coded, hashed username in the Application.cfm to the hashed version of your Windows username.
  2. Remove the hash operation from Application.cfm so that you can more easily replace the hard-coded username with your Windows username.
  3. Remove authentication altogether. If you are behind a firewall, that’s fine, but if you aren’t, better pick another option.
  4. Convert the authentication mechanism over from browser authentication to a web form. Raymond Camden was kind enough to provide some sample code.

If you have followed one or more of the steps above and you are still having problems with Pollster on IIS, let me know.

Getting a Client’s IP Address With Flash Remoting

I recently found that in remote ColdFusion functions invoked by Flash Remoting, I was not able to get the client’s IP address from the CGI variable CGI.REMOTE_ADDR or CGI.REMOTE_HOST, however I was able to get it in Java by using getPageContext().getRequest().getRemoteAddr(). Strange, huh? I haven’t check Red Sky for the same issue yet, so it might have been resolved (I’ll try that this afternoon), but for how, getPageContext() saves the day once again.

Spotlight on Log4CF From DRK4

For those not in the know, the DevNet Resource Kit (DRK) Volume 3 and Volume 4 are now available to subscribers and non-subscribers alike. Although DRKs are now available immediately to the general public, you can still save yourself some money by going the route of a DevNet subscription.

DRK 4 has a ton of cool ColdFusion content, but I want to start off talking about Log4CF. Here is the description from the Macromedia website:

Log4CF is an extremely flexible and powerful logging framework that integrates into ColdFusion’s existing logging facilities. Leave logging and debugging code in your applications, even during production, and dynamically configure the verbosity of your applications’ log messages.

If you ever use the CFLOG tag, you will love Log4CF. First of all, it integrates perfectly with the ColdFusion administrator. The log files Log4CF creates automatically show up in the ColdFusion Administrator’s log manager where they can be archived, downloaded, deleted or viewed just like any other log file. A different log file is automatically created for every application.

The Log4CF manager also integrates with the ColdFusion Administrator, allowing you to configure log levels and opt to have log messages emailed to you. What does it mean to configure a “log level”? Log levels allow you to leave logging messages in your code rather than removing them when you are done debugging, and allows you to dynamically configure the verbosity of your application’s logging. When you insert a LOG4CF tag in your code, you assign it a log level. You can then dynamically turn on or off different log levels for each applications in the Log4CF manager to adjust the amount of logging each of your applications does depending on how closely you want to watch it.

Actually, my favorite thing about Log4CF is that it lets you put your log message in the body of the tag rather than as an attribute, so your messages can be as long and detailed as you want without making your code difficult to read.

Follow-up on Session Variables vs. Hidden Inputs

A few people posted some very good comments to yesterday’s post on session variables versus hidden inputs. I want to highlight two very import points that were made.

  1. Put data in structs, and put the structs in users’ sessions. Rather than putting dozens of name/value pairs directly in users’ sessions, consider putting them all in a struct, and putting the struct in the session instead. This will help you avoid inadvertently stomping on existing name/value pairs, and makes it easier to clean up should you decide to clear the struct. It’s the same idea behind creating directories on your computer and organizing files logically and hierarchically rather than putting them all in a single directory where they are difficult to manage and you are likely to run into naming conflicts.
  2. CFC instances fit nicely in sessions. Even better than putting data in structs and putting structs in sessions is putting data in components and putting components in sessions. Why is it better? Think of a component as being a struct with optional logic. In addition to simple properties (essentially name/value pairs), you can add logic and functionality. For instance, I’m currently working on an application that creates a user component and puts it in all users’ sessions once they have successfully authenticated. The component has get and set functions for all the properties of a user, including ID, name, encrypted password, last login date, etc. So far, a struct would have worked fine, however I also wanted a property for the user’s current IP address, so inside of the getIpAddress function, I have logic to extract the user’s IP address out of the request (with Flash Remoting, you want to get the user’s IP address from the request because the CGI variable does not get properly populated). By using a component rather than a struct, not only am I able to add logic for functionality that I need now, but I have a good hook for extending the component’s functionality in the future. For instance, I’m considering adding a toString function, or a getUserHash which would return a string that uniquely identifies a particular user.

Session Variables vs. Hidden Inputs

I often see people asking about how to make data persist across multiple pages of forms, and the two options that inevitably come up are using session variables and using hidden form inputs. Using session variable refers to the practice of saving your form variables as session variables, then accessing them all at once from the session scope at the appropriate time. Using hidden input refers to the practice of accumulating data from previous form in hidden inputs so that it looks to your action page or component that the user just submitted one big form (which, in fact, they technically did).

There’s nothing wrong with using hidden inputs, but using session variables is really the better solution. For one thing, it makes the code more versatile and gives you the flexibility to make your application less linear if you want to, or to more easily rearrange your forms. Additionally, the code is much more maintainable and easier to follow.

Some people use the argument of memory usage to suggest that hidden inputs are better since session variables are stored in your server’s RAM. Unless you are running ColdFusion off an Apple Newton, RAM is not going to be an issue. Let’s prove the point by doing the numbers:

Continue reading…

Using JS to Close a Window You Didn’t Open

We all know it’s impossible to use JavaScript to close arbitrary windows, right? One of the first things you learn when playing with opening and closing windows with JavaScript is that, for security reasons, you can’t close a window that you didn’t open.

Well, as it turns out, you can, as I recently learned from this post on ASP Alliance. I won’t reveal the secret here, but if you want proof that it works, here it is:

This is a traditional attempt to close the main browser window. It shouldn’t work in most browsers — at least not without prompting. This, on the other hand, is an attempt that should work. Goodbye.

Learning to Like the Var Keyword

Coming from four years of Java programming, I was a little annoyed at first back in the Neo days when I discovered that local variable declarations using the keyword “var” had to come at the top of your functions. It seemed primitive and inconvenient. I have since come to appreciate it, however, and now I actually like it. Once your component functions get long and involved enough, it is sometimes easy to forget whether a particular variable name has already been used in a function. In most cases, it wouldn’t matter if you were to inadvertently reuse a variable name, however in some cases, it could certainly cause unexpected and unintended behavior (aka bugs). When encountering the same situation in Java, I used to do a quick search within the scope of a function before declaring a new variable (although with Java, the compiler will catch errors like that for you). In ColdFusion MX, I now go the top of the function and add the variable declaration in alphabetical order, and if the variable name is already in use, I will notice right away. After quite a bit of component development, I now find that variable declaration at the top of my functions is completely natural and actually helpful.

Introducing the MAX Awards

I just found out about the 2003 MAX awards. From the Macromedia website:

As the latest highlight of the new Macromedia MAX Conference, we’re pleased to introduce the MAX Awards, an annual customer recognition program. The 2003 MAX Awards will highlight innovative, results-driven experiences built with Macromedia technology. This year’s winners will be announced at the Macromedia MAX 2003 conference held November 18-21 in Salt Lake City, Utah, where conference attendees will also have the opportunity to meet and talk with the creators of these award-winning experiences throughout the conference.

Continue reading…

ColdFusion and Graphics on Linux

Anyone out there have problems using image manipulation libraries — or even just CFCHART, for that matter — on a Linux server? If you aren’t running an X server on your Linux box (which you most likely are not) and/or do not have the XFree86 libraries installed, you are not going to be able to use tags like CFCHART, or the upcoming Jimg package on DRK 4 which lets you use ColdFusion tags or components to manipulate images in a variety of ways. The reason is that Java uses native graphic libraries for many graphic operations, so in come cases, either X needs to be running, or a virtual X server (like the X Virtual Frame Buffer, or Xvfb).

These are not fun issues to solve. Daemonite posted about this back in April in the context of CFCHART and offers some advice, and thanks to Ben Simon, I recently found a very comprehensive resource on how to solve the issue.