https://stackoverflow.com/questions/23545254
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFor me, the situation was resolved by enabling J2EE sessions variables from within CF Administrator. See related post here https://forums.adobe.com/thread/1058200
ColdFusion Application.cfc onRequestStart Session scope
-
18-07-2023 - |
Question
I have an application written in ColdFusion that allows users to log in. My login page is in the root directory in a sub-directory called "login". During the login process, the system checks the username and password against my database, and assuming they are legit, it sets a Session variable of "Session.LOGIN_ID". At the bottom of my login script, I can print the login_id to the browser without any problem. However, the last part of my login script is to redirect the user to the main home page, which is located in the root directory in a sub-directory called "main", and once in awhile the page fails to load and rather directs the user back to the login screen with a message stating that their session has ended due to inactivity.
I have a Application.cfc file defined in the "main" folder, with a onRequestStart method defined that checks for the Session.LOGIN_ID being defined. If it is not, it redirects the user back to the login page and shows the message that their session has ended due to inactivity.
My question is, why does my session variable not present in the onRequestStart method? It's strange because if I clear my browser cache and login, I'm able to log in without any problem.
Does this make sense to anyone? Any suggestions as to what I could look for that could be causing this problem? I tried to dump the session vars using cfdump var=#session# from within the onRequestStart method and CF throws and error stating that SESSION is undefined.
UPDATE
In response to Adam's request, there are not multiple domains involved. Also, no switching from HTTP to HTTPS. The login page however is not bound by the Application.cfc because the login page is located in my "login" folder. The Application.cfc file is located in the "main" folder, along with the other components of my application. As far as the screen shot of the cfdump, I don't want to offend anyone but I can't really post the screen shot due to the fact that it contains information pertaining the site and I'm not authorized to post such information. I can say that when I try to do a cfdump of the session scope, it DOES show a few items in the list such as cfid, tokenid etc. However the session.login_ID is not present.
UPDATE
Okay, so taking the suggestion from Frank I have the onRequestStart method set up so that it sends me an email with a dump of the session and cgi scope. I found the following. In the Session dump, the cfid is equal to 4830, and the cftoken starts with b8e0d5... However, in the CGI dump, under HTTP_COOKIE, the value says CFID=4609; CFTOKEN=dd15bc0.... Are they supposed to match?
Solution
OTHER TIPS
This is a formatted comment in response to, "I just noticed that the items didnt match in the dump and figured I'd mention it in case they SHOULD match".
Whether or not they should match is up to the programmer, not us on StackOverflow. However, you debug this sort of things as follows.
if(actual result == expected result)
output 'yes'
else
output 'no' and the actual result and the expected result
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
