ColdFusion returning empty response with server-error: true

coldfusion I see this issue catch a lot of people, and it got me today. If you have a file /api/test.cfm on ColdFusion 10 or greater it might not work due to ColdFusion's REST implementation controlling the /api or /rest URIs.

This entry was:

Careful applying CF11u16, CF2016u8, CF2018u2

coldfusion Update: Adobe has released CF11 Update 17 and ColdFusion 2016 Update 9 to address problems outlined in this blog entry.

Adobe released new security updates and bug fixes for ColdFusion 11, 2016 and 2018 this week.

This entry was:

Sessions don't work in Chrome but do in IE

web I observed an interesting thing today while helping a client. The problem was presented as:

We have a bunch of Chrome users having issues where a session variable is not working between page requests. We set the variable on one page, it is not defined on the next page request.

This entry was:

csrfVerifyToken does not invalidate the token

coldfusion When you are using csrfGenerateToken and csrfVerifyToken with unique categories, the token that is generated remains valid until another token is generated with the forceNew argument set to true.

This entry was:

The cf_sql_ is optional in cfqueryparam

coldfusion This is not exactly a new trick, but it is quite useful and I find not many people know that the cf_sql_ prefix is optional in the cfsqltype attribute of cfqueryparam. So instead of doing this:

WHERE id = <cfqueryparam value="#url.

This entry was:


did you hack my cf?