ColdFusion MX 7: JSESSIONID management breaks ColdFusion Administrator on WebLogic 8.x
Issue
When using ColdFusion MX 7 with WebLogic 8.x, the JSESSIONID changes on every page request in the ColdFusion Administrator, breaking the code analyzer and the log viewer.
Reason
The CFID, CFTOKEN, and JSESSIONID values are re-written by thewebroot/CFIDE/adminapi/administrator.cfc during the ColdFusion Administrator login process. This process replaces the "!" and "-" characters with the URL-encoded values. WebLogic JSESSIONID cookies are not URL-encoded and contain "!" and "-" characters that must not be URL-encoded. Because of that, WebLogic does not recognize URL-encoded values as representations of "!" and "-" on subsequent requests, and therefore starts new sessions.
Solution
To solve the issue, download the new administrator.cfc file and replace the oldwebroot/CFIDE/adminapi/administrator.cfc file with this new version.
This content requires Flash
To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.
Download the free Flash Player now!
