# cfml-general
n
Hi All. I've got a quick question about ACF upgrades impacting cookies or client variables. We've seen some logins disrupted post-update of ACF 2021. Have others seen similar issues with logins or similar being disrupted? I'm trying to understand why this is happening and whether there are easy fixes that don't involve resetting logins and passwords.
d
Are you aware of the encryption and hashing changes from a bit ago? Maybe check if they impact you.
n
@Dave Merrill I did see something about that but thought that it related to an older encryption standard. I'll re-look at that.
d
It's changes to the default encryption and hashing methods.
a
Is this ACF 2021 u15 to u16?
n
@aliaspooryorik yes it is!
a
Shouldn't be changes to hashing then, as that was not in this update.
Are you clustered / using redis / for sessions etc etc?
n
No, not clustered.
I don't think we use redis - I've heard about that but assume I would know if we are using it.
a
Just a thought but do you run your code on subdomains? So you run as a.mysite.com and b.mysite.com? We had an issue recently which turned out to be nothing to do with CF - it was a change to how browsers handled the HTTP Clear-Site-Data security headers (or rather they started to support it fully)
n
@Dave Merrill You were right - it turned out that some of our older clients were subject to the default hashing - when that changed, there was some breakage.
@aliaspooryorik we do have sites using sub-domains, but have not seen breakage there. I'm not sure why but maybe we aren't using the headers?
a
It's a new security header so quite likely you don't have it. It was just an idea. Glad you've tracked that down. The hash change was in Update 14 though so I don't understand why it's only just started to break.
n
@aliaspooryorik I held off on some CF updates due to the scoping changes around the same time, or in the previous update - I was concerned that scoping requirement might cause some breakage
a
ah OK - that was why I asked "Is this ACF 2021 u15 to u16?" 😄
n
@aliaspooryorik Yes, we were a few updates behind due to concerns about the scoping change and wanting to ensure that there was no breakage relative to scopes. The breakage due to hashing sort of snuck in without me realizing it would also have an impact on some of our older clients.
a
Yeah, no problem. Was just trying to narrow down what could be causing it. Hash changes make total sense if you were a few patches back.
d
@nickg You know that you can disable/postpone the scoping change with a Java arg, yes? Our major code bases have been around for a very long time, so tightening up scoping is a BIG job. I've deferred it for now.
n
@Dave Merrill Yes, that's this flag, right? this.searchImplicitScopes=true;
@Dave Merrill We're using that as well while we try to tighten up all the scopes. Like you said, big job. I don't know what the consequences could be of not doing this, but my recollection is that the update with this change suggested some urgency
d
I think there's also a flag that can log all attempts to reference implicitly scoped vars, to understand what will need to be done.