Skip navigation
WolfShade
WolfShade
Currently Being Moderated

Session variable not being set immediately after CFSET session.var = "data"

Jul 27, 2012 6:19 AM

Hello, everyone.

 

Got a real head scratcher (at least, for me it is.)

 

Just experimenting a little bit, this isn't project related (yet), but something I'd like to code as reusable for future projects.

 

I'm attempting to write code that will clear session variables when the browser is closed, -AND- disassociate the session variables from the client by altering and expiring the cfid and cftoken cookies.

 

In my Application.cfc, I have the following:

 

onSessionStart:
 <cfif NOT StructKeyExists(session,"app")><cfinvoke component="components" method="setDirs" returnvariable="session.app"></cfif>
 <cfset oRequest = getPageContext().getRequest()>
 <cfset session.cookies = oRequest.getHTTPRequest().getCookies()>
 <cfcookie name="cfid" value="#session.cfid#">
 <cfcookie name="cftoken" value="#session.cftoken#">
 
 onSessionEnd:
 <cfloop index="local.cookiename" list="cfid,cftoken,cfmagic"><cfcookie name="#local.cookiename#" value="" expires="now"></cfloop>

 

In the page that loads, I have:

 

<cfset session.cookies = getPageContext().getRequest().getHTTPRequest().getCookies()>
 <cfoutput>
 <cfloop index="idx" array="#session.cookies#">#idx.getName()# = #idx.getValue()# - Expires: #idx.getMaxAge()#</cfloop>
 </cfoutput>

The above is where the error message "Cookies undefined in Session" appears.  Didn't I just set session.cookies, twice?

 

Thank you,

 

^_^

606 Views   5 Replies   Latest reply: 12Robots, Jul 27, 2012 7:21 AM
 
Replies
  • Adam Cameron.
    Currently Being Moderated
    1. Adam Cameron.,
    Jul 27, 2012 6:30 AM   in reply to WolfShade
    Report

    I don't quite follow what you're doing, but you can't mess with cookies in onSessionEnd() because it - intrinsically - is not associated with a request... and you can't send cookies to the browser other than as part of a response to a request.

     

    --

    Adam

     
    |
    Mark as:
  • WolfShade
    Currently Being Moderated
    2. WolfShade,
    Jul 27, 2012 7:02 AM   in reply to Adam Cameron.
    Report

    Adam Cameron. wrote:

     

    I don't quite follow what you're doing, but you can't mess with cookies in onSessionEnd() because it - intrinsically - is not associated with a request...

    Can't, or shouldn't?  It's forcing a new CFID and CFTOKEN when the browser is closed and re-opened, so that part (at least) is doing what I want.  If I shouldn't be doing this, then is there a better way to force new CFID/CFTOKEN after a browser is closed?  I'm trying to do this because StructClear(session) by itself isn't working - session variables set in previous openings of the browser are still present.  New CFID/CFTOKEN values at least disassociate the browser from previous sessions, which eventually are cleaned up after the session timeout.

     

    ^_^

     
    |
    Mark as:
  • Adam Cameron.
    Currently Being Moderated
    3. Adam Cameron.,
    Jul 27, 2012 7:10 AM   in reply to WolfShade
    Report

    You can't.

     

    To change a browser's cookies, you need to communicate with the browser.  This is done when the CF server sends the HTTP response to a request from that browser.

     

    onSessionEnd() - by its very nature - only runs when there isn't communcation with the browser, and hasn't been any communication from the browser for at least the [session timeout] period.  So you can monkey with the cookie scope all you like in there, but the changes are never sent to the browser, because the browser has long since "left the building" as it were.

     

    As HTTP is connectionless, and the browser doesn't communicate with the CF server anyhow (the browser only talks to the web server), there is no way for the CF server to know that the client has closed their browser.  All that takes place on the client machine, and CF is sitting on the CF server.  Even the web server doesn't know what's happening on the client UI.

     

    What you can do is to set the cookies and the session to have very short timeouts, so that the expire quickly once there's no activity to refresh them.

     

    --

    Adam

     
    |
    Mark as:
  • WolfShade
    Currently Being Moderated
    4. WolfShade,
    Jul 27, 2012 7:17 AM   in reply to Adam Cameron.
    Report

    So the only thing I can do is to set cookie.cfid and cookie.cftoken to 'expires="now"' (so they will be session only) and that's it?

     

    ^_^

     
    |
    Mark as:
  • 12Robots
    Currently Being Moderated
    5. 12Robots,
    Jul 27, 2012 7:21 AM   in reply to WolfShade
    Report

    Yes, that's pretty much it. That's also the right way to handle session cookies.

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points