Lucid Outsourcing Solutions

  Your ColdFusion application authenticates users against Active Directory. Most of the time, it works perfectly. Then, without warning, logins start failing. Minutes later, they work again, as if nothing happened. Read More

  You configure a secure cookie in ColdFusion. Your site runs entirely over HTTPS. Yet the browser never receives the Secure flag. Worse, the cookie sometimes disappears entirely after a login redirect. Read More

  ColdFusion modal popups power contact forms, login dialogs, data entry panels, and confirmation screens. Therefore, reliable form submission from inside a modal is a core enterprise requirement. Yet developers consistently hit a wall. The button clicks, nothing posts, and the user stares at a frozen popup. Read More

  ColdFusion generates PDFs for invoices, reports, statements, and contracts. Therefore, reliable PDF delivery sits at the core of many enterprise apps. Yet developers often watch a cfdocument output fail in the browser. The page shows a blank frame, a download prompt, or corrupted bytes. Read More

  Introduction The integration works perfectly in staging. The mobile app calls the payment API through ColdFusion. Tokens authenticate. Transactions process. Then deployment to production fails with a cryptic message: “I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.” The API is up. Browsers connect to it without errors. Curl from the production server works fine. But ColdFusion refuses to talk to it. The error message points at Java security internals that most CFML developers have never read. Read More

The integration runs flawlessly during the demo. Tokens authenticate cleanly. API calls succeed. Then an hour later, every call starts returning 401 Unauthorized. The integration sees the failure, refreshes the token, retries the call, and succeeds. The user experience is fine — but every hour, a brief window of failures occurs while the code reacts to expiration. Then twenty-four hours later, the failures stop being temporary. The refresh attempts also return 401. The refresh token expired. Users are silently logged out. The integration breaks completely until someone manually triggers re-authentication. Read More