WhosOnCFC 2.2.1 Released to RIAForge
Well, I promised Brian Rinaldi I would quit spamming out updates, but he does do a rather good job of keeping up. This will be my last one for a while, I promise! :)
As I posted about yesterday, there was a potential way for WhosOnCFC to be exploited that I have never seen, but that is not to say it could never happen. The method in question involves someone replacing the user-agent sent by the browser with potentially malicious JavaScript code that would execute when the client information is rendered. I tested this on a CF8 server with script protection enabled and it threw an exception. I do not have access to prior versions of ColdFusion, but for argument's sake I now scrub all potential HTML and JavaScript tags from the user-agent string.
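The scrub described above, paired with output encoding at render time, as an added example (this is not WhosOnCFC's own code). The function name `scrubUserAgent`, the 255-character cap and the sample string are assumptions made for illustration; `HTMLEditFormat` is the built-in encoder available on CF8.

```cfml
<cfscript>
// Hypothetical helper, not taken from WhosOnCFC.
// Normalises a User-Agent header value before it is stored for display.
function scrubUserAgent(ua) {
    var clean = ua;
    // Remove anything shaped like an HTML or script tag.
    clean = REReplace(clean, "<[^>]*>", "", "all");
    // Remove stray angle brackets left behind by unclosed tags.
    clean = REReplace(clean, "[<>]", "", "all");
    // Remove control characters (CR, LF, NUL and similar).
    clean = REReplace(clean, "[[:cntrl:]]", "", "all");
    clean = Trim(clean);
    // Cap the stored length (255 is an assumed limit) so an oversized
    // header cannot inflate per-session memory.
    if (Len(clean) GT 255) {
        clean = Left(clean, 255);
    }
    return clean;
}

// Constructed sample input standing in for cgi.http_user_agent.
rawUA = "Mozilla/5.0 <script>alert(1)</script> (X11; Linux)";
storedUA = scrubUserAgent(rawUA);
</cfscript>

<!--- Encode at render time as well: the scrub protects what is stored,
      the encoding protects the page even if a value bypassed the scrub. --->
<cfoutput>#HTMLEditFormat(storedUA)#</cfoutput>
```

Encoding on output is the control that does not depend on the server's script protection setting, which is why it is applied in addition to the scrub.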
One user asked for the ability to ignore hits by a specific IP address and that has been addressed in this version. I added the ignoreIPs option to the configuration attribute collection. This is just a CSV list of the full IP address(es) that you do not wish to be tracked.
One final note, the total time to track active user sessions and bot sessions (if the showBots=true setting is enabled) can now be set in the configuration attribute collection as well. Again, I had a user that said memory usage on their server jumped up when WhosOnCFC was installed which was one of the main reasons for being able to adjust the tracking time. I do not have access to a profiler, but I have spent quite a bit of time trying to make sure WhosOnCFC has the smallest memory footprint possible. This was a web site that was making quite a few asynchronous calls so another good way to cut down on the memory usage would be to adjust the amount of time to store page history down. But in the interest of full disclosure, I think I would be doing everyone a huge disservice if I kept that to myself.
I updated the documentation to reflect the current changes. Questions, comments, or even complaints are welcome, as always.


