This content has been marked as final. Show 5 replies
> On both occasions it appears the cf server traverses the physical path and
> uses that to resolve Application.cfc which is different behavior than any other
> processed file.
Yep, exactly as it explains it will in the documentation on
Application.cfm and Application.cfc files. CF looks for these in the
physical path, not the virtural path of the directory.
This is a big reason most CF developers will tout that a component
should only know what is passed to it is arguments. Expecting it to
'know' something such as what application it is in, or what is in the
session scope and such will experience problems just like this.
Want to see what a bigger headache this could be. Set some session data
in each site1 and site2 that is different and then check the results
with the same kind of testing.
<quote from="CF Documentation">
*How ColdFusion MX finds and process application definition pages*
ColdFusion MX uses the following rules to locate and process the
Application.cfc, Application.cfm, and OnRequestEnd.cfm pages that define
application-specific elements. The way ColdFusion MX locates these files
helps determine how you structure an application.
Each time ColdFusion MX processes a page request it does the following:
When ColdFusion starts processing the request, it does the following:
It searches the pages directory for a file named Application.cfc. If
one exists, it creates a new instance of the CFC, processes the initial
events, and stops searching. (ColdFusion MX creates a new instance of
the CFC and processes its initialization code for each request.)
If the requested pages directory does not have an Application.cfc file,
it checks the directory for an Application.cfm file. If one exists,
ColdFusion MX logically includes the Application.cfm page at the
beginning of the requested page and stops searching further.
If the requested pages directory does not have an Application.cfc or
Application.cfm file, *ColdFusion MX searches up the directory tree and
checks each directory first for an Application.cfc file and then, if one
is not found, for an Application.cfm page, until it reaches the root
directory (such as C:\).* When it finds an Application.cfc or
Application.cfm file, it processes the page and stops searching.
Note in the last paragraph on what tree ColdFusion searches and where it
Thanks for your quick response!
However, what if my component is used by a client side control, like a CFGrid and the query to populate the grid needs data that I do not want the user to give control over, for example his customer id (show all orders for the customer). How can a component that has no idea of state (session) verify that a certain Ajax request is legitimate?
> Thanks for your quick response!
> However, what if my component is used by a client side control, like a CFGrid
> and the query to populate the grid needs data that I do not want the user to
> give control over, for example his customer id (show all orders for the
> customer). How can a component that has no idea of state (session) verify that
> a certain Ajax request is legitimate?
You pass the session (state) data to the component rather then expecting
it to know it. There are many subtly different ways to do this. My
first guess is that you could use some type of facade or something like
it. Your AJAX function would call this template, which would then call
the desired CFC function passing in all necessary data (including
relevant session data) and return the results back to the AJAX request.
Wow, so for all my access="remote" functions, create a wrapper cfm with code to catch all input variables, validate the input (again), pull the required session details, pass it all on to the function, reformat the output to json. And all that because the function cannot (should not) access the session vars *IF* you happen to call the function via Ajax? Also, the documentation you quote does not mention that the *physical* path is traversed as opposed to the logical path... I guess the thing that bugs me most is the same component/function behaving differently depending on how it is called.
(BTW, I am truly grateful of your help and the above criticism is not directed toward you! :-) )
> Wow, so for all my access="remote" functions, create a wrapper cfm with code to
> catch all input variables, validate the input (again)
Yeah, if you are unwilling to pass the data through the client. It is a
bit of reality that access=remote for web services and flash remoting
makes keeping state much more difficult and puts more of the onus on the
developer to do the work then we have been spoiled to with CF.
I am by no means an expert and struggle with this as well, maybe
somebody more experienced will chime in here soon.