Skip navigation
Currently Being Moderated

Session variables are set, then immediately disappear. What now?

May 7, 2009 11:52 AM

Ok, this is strange. Maybe because I'm darn tire. But anyway...


I have a simple login script that checks stuff and then if successful logs them in via setting session variables into the session via a struct like so:


<cfset session.user = {} />


I then set all my other user specific stuff in this struct. That's straightforward...and when I dump shows the data. However, if I refresh the page, this session variable disappears. If I simply dump "session" then I see the usual CFID and CFTOKEN stuff. So session is enabled and ready, but why then does it disappear?


I have done stuff like this before so I really can't see what's happening. The session timeout is also set to 30 minutes in the Application.cfc so that shouldn't be it.


My CFC code is below.


Many thanks,





<cffunction name="authenticateUser" returntype="void" output="true" access="public" displayname="authenticateUser">


        <cfargument name="userName" type="string" />
        <cfargument name="userPassword" type="string" />
        <cfargument name="userCaptcha" type="string" />
        <cfargument name="userCaptchaEncrypted" type="string" />
        <cfset var local = {} />
        <cfset local.fieldsValid = true />


        <cfif not len(trim(arguments.userName))>
            <cfset request.messagesObject.addMessage("info","User name is required.") />
            <cfset local.fieldsValid = false />
        <cfif not len(trim(arguments.userPassword))>
            <cfset request.messagesObject.addMessage("info","Password is required.") />
            <cfset local.fieldsValid = false />
        <cfif not len(trim(arguments.userCaptcha))>
            <cfset request.messagesObject.addMessage("info","The security code is required.") />
            <cfset local.fieldsValid = false />
            <cfif not trim(arguments.userCaptcha) eq decrypt(arguments.userCaptchaEncrypted,"iloveyou","CFMX_COMPAT","Hex" )>
                <cfset request.messagesObject.addMessage("error","The security code entered was incorrect.") />
                <cfset local.fieldsValid = false />
        <cfif len(trim(arguments.userCaptcha)) neq 5>
            <cfset request.messagesObject.addMessage("info","The security code must be 5 characters in length.") />
            <cfset local.fieldsValid = false />
        <cfif not len(trim(arguments.userCaptchaEncrypted))>
            <cfset request.messagesObject.addMessage("error","The encrypted security code is required by the system but was not found.") />
            <cfset local.fieldsValid = false />


        <cfif local.fieldsValid>


                <cflock name="lockGetUser" type="exclusive" timeout="30">
                    <cfquery name="local.qryGetUser" datasource="#request.dsn#" username="#request.username#" password="#request.password#">
                    SELECT userID, userName, userPassword, userRole, userDeleted
                    FROM #request.tbl_users#
                    WHERE userName = <cfqueryparam cfsqltype="cf_sql_varchar" value="#trim(arguments.userName)#" />
                    AND userPassword = <cfqueryparam cfsqltype="cf_sql_varchar" value="#trim(arguments.userPassword)#" />
                    AND userDeleted = 0
                <cfif local.qryGetUser.recordcount eq 1>
                    <cflock scope="session" timeout="30" type="exclusive">
                        <cfset session.user = {} />
                        <cfset session.user.username = local.qryGetUser.userName />
                        <cfset session.user.role = local.qryGetUser.userRole />
                        <cfset = local.qryGetUser.userID />
                        <cfdump var="#session.user#" />


                    <cfset request.messagesObject.addMessage("ok","Welcome " & htmlEditFormat(local.qryGetUser.userName) & ". You have been logged in.") />


                    <cfset request.messagesObject.addMessage("error","Invalid user name / password combination.") />
                <!---<cfcatch type="any">
                    <cfset request.messagesObject.addMessage("error","authenticateUser() " & cfcatch) />

  • Currently Being Moderated
    May 7, 2009 12:23 PM   in reply to Kapitaine
    <cfset session.user = {} />


    That's dicey! I expected the done thing, namely, <cfset session.user = "">. Could you show us the code in Application.cfc? That's where the engine usually needs oiling.

    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points