Tag: ColdFusion

4 Posts Found

Dump Out a User's ColdFusion Session

Posted: 11/29/2016 1:54 PM

Given a particular applicationName and JSessionID in ColdFusion, the following code will return a dump of the user's session.

<cfparam name="url.applicationName" default="" type="string" />
<cfparam name="url.jsessionID" default="" type="string" />

        sessionTracker = createObject("java", "coldfusion.runtime.SessionTracker");

        appSessions = sessionTracker.getSessionCollection(javaCast("string", url.applicationName));

        sessionID = url.applicationName & "_" & url.jsessionID & ".cfusion";
        targetSession = appSessions[sessionID];

    <cfdump var="#targetSession#" />

    <cfcatch type="any">
        <cfdump var="#cfcatch#" />

ColdFusion 10 / Windows Server 2016 / IIS 10

Posted: 10/18/2016 6:17 PM

The installer for the IIS connector in the base ColdFusion 10 installer does not support IIS 10.0 in Windows Server 2016. After you install ColdFusion 10, or if you manually try to run the connector installer, it fails silently.

Adobe released an update to fix this, but you need to install it manually since you can't through the CF Admin web interface with IIS.

Visit the Adobe ColdFusion Site to download the most recent hotfix. You then install it using the command:

    c:\coldfusion10\jre\bin\java -jar c:\temp\cf_hotfix_XX.jar

where c:\coldfusion10 is the root of your ColdFusion 10 installation, and c:\temp\cf_hotfix_XX.jar is the name of the JAR file that you downloaded.

You can then manually run the IIS Connector installer to get the necessary IIS integrations set up:


Get Rid Of IIS "Friendly" 500 Error Pages

Posted: 3/25/2016 8:25 PM

When ColdFusion or Tomcat throws a 500 server error, it returns a response code to IIS of 500. By default, IIS intercepts this status code and presents a "friendly" IIS error page instead of returning the actual generated error page. But in development this isn't very helpful since it doesn't show the underlying error message.

IIS Friendly 500 Error

You can override this behavior and display the CF-generated error instead with these steps:

  • Open IIS Manager and either select your server root or the individual web site.
  • In the Features view, scroll down to the Management section and open Configuration Editor.

IIS Manager

  • In the Sections dropdown, select and expand system.webServer, then select httpErrors.


  • The existingResponse value will be set to Auto. Click the dropdown and select PassThrough instead.
  • On the right side menu, click the Apply button to save the changes


You'll now see the appropriate ColdFusion error message.

CF Error


ColdFusion / Flex / SSL Offloading

Posted: 3/16/2016 6:30 PM

My company has recently purchased new web server load balancers, and part of our migration will be offloading SSL requests from the web servers to the load balancer itself, to make administration of SSL certificates easier.

We have several legacy Flex apps that connect over SSL. Unfortunately, the default installation of ColdFusion does not support SSL offloading for Flex apps. A Flex app attempts to connect to ColdFusion through SSL with a special Flex channel specifically for encrypted connections, cfamf-secure. Since we’re offloading SSL processing to the load balancer, CF thinks that it’s transferring data in plaintext. The special Flex channel requires an SSL connection, so CF throws an error when the Flex app attempts to connect because CF doesn’t know about the SSL offloading.

The solution is to modify a ColdFusion XML configuration file so that the encrypted channel doesn’t actually use the encrypted handler, but instead the plaintext one, since we’re handling SSL encryption on the load balancer: c:\ColdFusion10\cfusion\wwwroot\WEB-INF\flex\services-config.xml

You have to look for the following definition: <channel-definition id="my-cfamf-secure” ...>

Underneath it is an <endpoint ...> statement that defines the URL syntax for responding to requests. You have to change this property:




so that CF doesn’t require an encrypted connection. Then you restart the ColdFusion service, and it starts accepting requests. From what I can tell, the only difference between the two seems to be the SSL encryption requirement.