Session issues after installing Coldfusion 9.01 update - OnRequestEnd behaviour change

Finally got to the bottom of a session problem we've been having with a heavily-trafficked live server since we installed the Coldfusion 9.01 update, Hotfix 1 (CHF1) for ColdFusion 9.0.1 and the hotfix for security bulletin APSB11-04.

Essentially, users appeared to be losing session information in between requests. Now, there is a known issue with the fix for APSB11-04, to do with the Session Fixation issue, so this part of the fix can be turned off using a JVM switch (see the technote above).

But even after implementing this workaround, we were having an issue with some sessions (fewer, but still a lot) appearing to be lost.

It took quite a while to get to a solution, as we thought we were dealing with the problem noted above, but we finally nailed this down to a change in Coldfusion's behaviour after cflocation, and in fact our problem was not with the session scope but with the request scope.

Ben Nadel has blogged about this change as a change from Coldfusion 8 to Coldfusion 9, but as far as we can see it is actually a change between 9 and 9.01.

Essentially, in versions prior to 9.01, the 'OnRequestEnd' method in application.cfc would not be called if a cflocation took place before the end of the request i.e. a request with a cflocation in it would never actually 'end' - just the new request indicated in the cflocation would start.

In Coldfusion 9.01, the OnRequestEnd method is always fired, whether you cflocation before it or not.

In our case the problem was caused by a cflocation to enforce the use of https on certain templates - if https was 'off', we would cflocation to a 'https' url. But, we were setting a request variable that the OnRequestEnd method expected to exist *after* we did the cflocation.

In the past, that didn't matter, as onRequestEnd never got fired. Now, all code after the cflocation is abandoned (as before), but onRequestEnd *does* fire. And doesn't find the request variable it expects, and then errors.

So the simple answer is... if your onRequestEnd expects a variable to exist, make sure you either cfparam it in onRequestEnd, or set it before you do any cflocations.

[If you dig far enough in the release notes for 9.01 you will find this mentioned as a 'fix' - but I personally would call it a change of behaviour rather than a 'fix'!]
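Both halves of that advice together, as an added example that is not code from the original post: the template sets the request variable before the https redirect, and onRequestEnd also cfparams it as a safety net. The names `request.pageSection`, `variables.canonicalHost`, the `requestAudit` log file and the template name are hypothetical.

```cfml
<!--- ===== Application.cfc (added example, names are hypothetical) ===== --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp">
    <cfset this.sessionManagement = true>

    <cffunction name="onRequestEnd" returntype="void" output="false">
        <cfargument name="targetPage" type="string" required="true">

        <!--- In 9.01 this method also runs for requests that ended in a
              cflocation, so anything read here must have a default. --->
        <cfparam name="request.pageSection" default="unknown">

        <cflog file="requestAudit"
               text="#arguments.targetPage# section=#request.pageSection#">
    </cffunction>
</cfcomponent>

<!--- ===== checkout.cfm (a template that must be served over https) ===== --->

<!--- Set everything onRequestEnd reads BEFORE any cflocation can run. --->
<cfset request.pageSection = "checkout">

<!--- Assumption: a fixed, configured host name is used for the redirect
      rather than one taken from the incoming request. --->
<cfset variables.canonicalHost = "www.example.com">

<cfif cgi.https NEQ "on">
    <cfset variables.secureUrl = "https://" & variables.canonicalHost & cgi.script_name>
    <cfif len(cgi.query_string)>
        <cfset variables.secureUrl = variables.secureUrl & "?" & cgi.query_string>
    </cfif>
    <cflocation url="#variables.secureUrl#" addtoken="false">
    <!--- Code below this point is abandoned for the redirected request,
          but onRequestEnd above still fires and finds request.pageSection. --->
</cfif>

<!--- ...rest of the page, reached only when the request is already https... --->
```

Either measure on its own stops the error; the cfparam also covers any template where a cflocation is added later without the variable being set first.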

Event Photography Website Development

Horisk have just completed web development on a bespoke e-commerce website for the specialist Scottish event photographers Xpressphoto.

As well as full information about the business, photography portfolios and a Search Engine Optimised blog, the site incorporates custom developed e-commerce galleries. The generous image sizes and number of images per page easily allow customers to quickly browse all photos of an event, add their chosen shots to a basket and pay online.

The back-end allows Xpressphoto to fully customise their product offerings e.g. pricing and descriptions. Preview images are uploaded by ftp, where they can be sorted into galleries and categories, with thumbnail images being auto-generated.

The site is currently integrated with Paypal for payment processing, but will soon be switching to integrate with Protx to process payments for Barclaycard Merchant Services.

The site uses a combination of Coldfusion and PHP to power the blog, image galleries and e-commerce functions.

Wedding Photography Website

Horisk have just put a new website live for Scottish wedding photographer Rhoddy Stewart.

The site uses a Wordpress backend for which Horisk designed new templates to best display Rhoddy's powerful images. As well as weddings, Rhoddy also produces beautiful lifestyle portraits and has a separate event photography business.

We are currently working on a Coldfusion-based print ordering system, so wedding guests can view the images in password protected galleries and order wedding photographs online.

5 Things to consider when making the 15% VAT Rate Change

Well that's put the cat among the pigeons.

5 working days for every retailer in the UK to change their databases, accounting systems and e-commerce websites to reflect a new VAT rate.

We've already had a couple of new customers phone us for help, either with updating their Filemaker Pro databases or Coldfusion websites to reflect the VAT rate change.

If the system has been well designed in the first place, this should be relatively straightforward. But with the VAT rate not having changed since 1991, there is always the chance that a developer has taken a shortcut and hardcoded it somewhere.

The VAT rate should be stored in one global variable that can be simply changed. Hopefully this is in a database field that the system administrator can access - but it may be buried in a preferences or application file in the code somewhere only a developer can find it. Or worse, it may have been hardcoded into calculations all over the place (as we found in one case today).

A few things to be aware of if you are about to embark on the task of changing the VAT rate yourself:

  1. If the VAT rate is stored globally, make sure the VAT rate in use at the time has been stored with historical transactions (or at least the VAT charged has been stored) - and that changing the global rate will not affect reporting of existing transactions.
  2. If the VAT rate is stored globally and is easy to change, your prices will all change appropriately. But you may decide you don't want this - what about all those £9.99s becoming £9.77? In this case you may not want to pass the VAT cut on to your customers. You may be able to get round this issue by doing a global search directly in your database for net prices affected and replace them with net prices multiplied by the appropriate fraction to avoid the gross price changing - a bit complicated, but definitely preferable to changing hundreds of prices by hand.
  3. If you are having to change Coldfusion or PHP code, you might just be able to do a search and replace for everywhere the existing rate is mentioned. But remember to search for all the possible variations - 17.5, 0.175, 1.175, 117.5 etc - there are lots of ways to calculate VAT... (oh yeah, and just in case your developer was particularly obtuse, 85.10638297872340425531914893617 - the fraction to work out the net price from a gross price).
  4. Before you change anything, BACKUP, BACKUP, BACKUP, and after you've made the changes, TEST, TEST, TEST.
  5. Keep a note of the changes you've made, cause you're going to need to change it all back in 13 months time...

If you think you might need a hand with any of this for a Coldfusion or PHP e-commerce website, or a Filemaker Pro database, please get in touch or leave a comment below. It looks like it's going to be a busy weekend for everybody...
