I'm receiving the following error anytime I try to click on a link or a button inside my application. I thought it was a session problem, which I tried removing the session_addtoken variable from the links. However, this did not resolve my problem. Any suggestions or ideas would be greatly appreciated!

cfid, cftoken contains invalid characters
This exception is caused by either broken links, or security attacks.
The invalid id is 300,300

12 Years
Discussion Span
Last Post by digi

Are you carrying duplicate URL variables in the URL querystring? Because if you are, be aware of the bug in CFMX. If you have something like this:


and you retrieve data, data will not be equal to "parker" (the last variable assigned), but it's a list of both data's: "peter, parker" - so your illegal character might be the comma.

This was a bug for a while. I don't know if they fixed it yet. If it's not a bug, it's a bad feature in my opinion. It wasn't around in versions prior to CFMX.


Thanks for the help. I'll need to play with it some more to see if that could be it. It appears that all of my variables are unique, but there are 2 that are very similar. So I'm going to give it a try tomorrow. Thanks again!



Would you know if you can have a number in an URL variable name like id2=#v_id2#. Because I have two variables for example: id=#v_id#&id2=#v_id2#. I was wondering if it ignored the number therefore causing the 2 variable to be the same? Thanks again for your help!



Hey, I was running into this problem with my companies app after the upgrade to 6.1. We use cgi_query_string when switching to/from SSL and this was creating duplicate cfid/cftoken. We also use fusebox but whatever.

ANYWAY, here is what I did to solve our problem.

Put this first in your application.cfm.

<!--- cfid, cftoken querystring concatenation filter --->
<cfif isDefined('cfid') AND isDefined('cftoken')>
    <cfset newUrl = CGI.Query_String>
    <cfif cfid CONTAINS "," AND cftoken CONTAINS ",">
        <cfset n_cfid = "&CFID=" & listGetAt(cfid, 1)>
        <cfset newUrl = replace(newUrl, n_cfid, "", "ONE")>
        <cfset n_cftoken = "&CFTOKEN=" & listGetAt(cftoken, 1)>
        <cfset newUrl = replace(newUrl, n_cftoken, "", "ONE")>
        <cflocation url="#cgi.PATH_INFO#?#newUrl#"> 
<!--- end filter --->

Edited by Dani: Formatting fixed

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.