
session scope issue.

Participant, Mar 30, 2009

Hello;
I created a login system for a sub directory in my web site. I have the directory locked down using an application.cfc file; it also takes orders from the application.cfc file in the main directory.

I think I set my session variables properly when the user logs into the app. But when I try and add a tag to lock something out, it says my session is not defined in the session scope.

I am trying to make tags that will take out elements if you do not have admin access. This is shown by a checkbox in the database, or in Access it is a yes/no field. I have tags that if it eq True it does one thing, and those work, but they do not run on the session scope.

The best thing I think I can do is to show you how my session scope is set up. There are different kinds.

1. is just the session you get as just any user who surfs the web.
2. is the back end user who is either an admin or not.

application.cfc in main directory:
<cfscript>
THIS.name = "my web";
THIS.sessionManagement=true;
THIS.clientManagement=true;
THIS.applicationTimeout = createTimeSpan(0,0,20,0);
THIS.sessionTimeout = createTimeSpan(0,0,20,0);
</cfscript>

<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset CLIENT.cfid = SESSION.cfid>
<cfset CLIENT.cftoken = SESSION.cftoken>
<!--- I have some other things in here for tracking and page views and so on --->
</cffunction>

Application.cfc in sub directory:

<cffunction name="OnRequestStart" output="false" returntype="string">
<cfif NOT isDefined("SESSION.auth.isLoggedIn")>
<cflocation url="../sitemanager.cfm" addtoken="no">
<cfabort>
<cfelseif isDefined("FORM.UserLogin")>
<cfinclude template="../LoginCheck.cfm">
<cfreturn true>
</cfif>
</cffunction>

<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = SESSION.auth.id>
<cfset SESSION.auth.Fname = SESSION.auth.Fname>
<cfset SESSION.auth.Lname = SESSION.auth.Lname>
<cfset SESSION.auth.isAdminstrator = SESSION.auth.isAdminstrator>
</cffunction>

and I set off the sessions with my login page:

<CFQUERY NAME="IsValidLogin" datasource="#APPLICATION.dataSource#">
SELECT user.Fname, user.Lname
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
</CFQUERY>
<CFQUERY NAME="IsValidUser" datasource="#APPLICATION.dataSource#">
SELECT user.id, user.Fname, user.Lname, user.admin
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
AND password =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userPassword#">
</CFQUERY>

<cfif IsValidUser.recordcount eq 1>
<cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = IsValidUser.id>
<cfset SESSION.auth.Fname = IsValidUser.Fname>
<cfset SESSION.auth.Lname = IsValidUser.Lname>
<cfset SESSION.auth.isAdminstrator = IsValidUser.admin>
</cflock>

So there are 3 pages that control the session in this app so far. I thought I had them defined; I have some tags working using these variables.

this works:
<cfif isDefined("SESSION.auth.Fname")>
Hello #SESSION.auth.Fname#!
</cfif>

and this doesn't:
<cfif SESSION.auth.isAdminstrator EQ "True">
you get this if you are an admin. if you are not an admin, it does not appear at all
</cfif>

this is the error I get:
Element AUTH.ISADMINSTRATOR is undefined in SESSION.
The error occurred on line 134.


Is there a way to write this or a form of this tag?

Thanks

So is it my tag that isn't working?

LEGEND, Mar 30, 2009

CFmonger wrote:
>
> So is it my tag that isn't working?
>

Does the code running in this sub directory belong to the same
'application', as ColdFusion sees it, as the main code?

How ColdFusion handles state variables from request to request is a
complex dance involving cookies named cfid and cftoken and the
application name set with either a <cfapplication name=""...> tag or a
this.name="" parameter in an Application.cfc.

The thrust of this is that if any of these values change it is a whole
new set of data separate from any data that came before.

You can test this by checking this simple output in different parts of
your application and see if they are all the same or if there are
differences.

<cfoutput>
#application.applicationName#<br/>
#session.cfid#<br/>
#session.cftoken#<br/>
</cfoutput>

Participant, Mar 30, 2009

this is part of the application.cfc in my main directory:
<cfscript>
THIS.name = "my web";
THIS.sessionManagement=true;
THIS.clientManagement=true;
THIS.applicationTimeout = createTimeSpan(0,0,20,0);
THIS.sessionTimeout = createTimeSpan(0,0,20,0);
</cfscript>

<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset CLIENT.cfid = SESSION.cfid>
<cfset CLIENT.cftoken = SESSION.cftoken>
<!--- I have some other things in here for tracking and page views and so on --->
</cffunction>


Then in the sub directory I put the rest, as well as in the login.cfm page that actually sets off the sessions... supposedly. into that application.cfc, and yes, they work together, and I do call up the application name in the application.cfc in the sub directory.

Participant, Mar 30, 2009

Ok, I was reading, and from what the book says, (Forta - Adobe Press) is that this should work. But it isn't.

The book says this tag should work with my set up:
<cfif SESSION.auth.isAdminstrator>
this is what you get
</cfif>
This one throws an error, says it can not transform it into boolean.

this one throws no error, I had it working, but now it just doesn't do anything:

<cfif isDefined("SESSION.auth.isAdminstrator")>
this is what you get
</cfif>

I also tried your code:
<cfoutput>
#APPLICATION.companyName#<br/>
#session.cfid#<br/>
#session.cftoken#<br/>
</cfoutput>
<cfabort>
and got a response back from the application.cfc in the main directory, so they are communicating. Do I need to map the sessions into the main application file instead?

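An added example, not part of any post in this thread: one way to write the admin check so that it denies access whenever the key is missing or does not hold a boolean, which covers both errors quoted above ("undefined in SESSION" and the failed boolean conversion). The function name isSessionAdmin is hypothetical; the key SESSION.auth.isAdminstrator is spelled as it is in the thread.

```cfml
<!--- Added example. isSessionAdmin() is a hypothetical helper, not code from the thread. --->
<cffunction name="isSessionAdmin" returntype="boolean" output="false"
            hint="Returns true only when the session carries a boolean-true admin flag.">
    <cfset var result = false>

    <!--- Read-only lock to match the exclusive lock used when the login page writes SESSION.auth --->
    <cflock scope="Session" type="readonly" timeout="20">
        <!--- AND short-circuits, so each test only runs if the one before it passed.
              A missing struct, a missing key, or a non-boolean value (for example the
              empty string a NULL database column produces) all leave result = false. --->
        <cfif structKeyExists(SESSION, "auth")
              AND isStruct(SESSION.auth)
              AND structKeyExists(SESSION.auth, "isAdminstrator")
              AND isBoolean(SESSION.auth.isAdminstrator)
              AND SESSION.auth.isAdminstrator>
            <cfset result = true>
        </cfif>
    </cflock>

    <cfreturn result>
</cffunction>

<!--- Usage on a page: admin-only markup is rendered only when the check passes --->
<cfif isSessionAdmin()>
    <cfoutput>You get this if you are an admin.</cfoutput>
</cfif>
```

Because the default is false, a session that never went through the login page, or one whose admin flag was never copied from the query, sees no admin content rather than an error page.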
LEGEND, Mar 30, 2009

CFmonger wrote:
>
> Can anyone help me figure out how to get this to go off when admin is defined
> in user table of the db.
>


You gave no hint on if you ran the experiment I suggested.

Please show the top section of both Application.cfc code files, i.e. the
pseudo constructors.

Participant, Mar 30, 2009

I ran your test, it came back with my info in the admin section with my application set up. So here is my full application.cfc file, in both directories:

Application.cfc in Main directory:
<cfcomponent output="false">
<cfscript>
THIS.name = "myWebsite";
THIS.sessionManagement=true;
THIS.clientManagement=true;
THIS.applicationTimeout = createTimeSpan(0,0,20,0);
THIS.sessionTimeout = createTimeSpan(0,0,20,0);
THIS.setClientCookies = 1;
THIS.setDomainCookies = 1;
THIS.scriptProtect = "All";
</cfscript>

<cffunction name="onApplicationStart" returntype="boolean" output="false">
<cfset APPLICATION.appStarted = now()>
<cfif not isDefined ("APPLICATION.dataSource")>
<cfset APPLICATION.dataSource = "myDB">
</cfif>
<cfset APPLICATION.companyName = "myCompanyName">
<cfreturn true>
</cffunction>


<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset CLIENT.cfid = SESSION.cfid>
<cfset CLIENT.cftoken = SESSION.cftoken>

<cfif IsValidUser.recordcount eq 1>
<CFQUERY NAME="IsValidUser" datasource="#APPLICATION.dataSource#">
SELECT user.id, user.Fname, user.Lname, user.admin
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
AND password =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userPassword#">
</CFQUERY>
<cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = IsValidUser.id>
<cfset SESSION.auth.Fname = IsValidUser.Fname>
<cfset SESSION.auth.Lname = IsValidUser.Lname>
<cfset SESSION.auth.isAdminstrator = IsValidUser.isAdminstrator>
</cflock>
</cfif>
</cffunction>


<cffunction name="onRequestStart" returntype="boolean" output="true">
<cfset request.datasource = "myDB">
<cfset sitePath = " http://www.myweb.com">
<cfset sitePath = " http://www.myweb.com/Application.cfc">
<cfset sitePath = " http://www.myweb.com/admin">
<cfset sitePath = " http://www.myweb.com/admin/Application.cfc">
<cfreturn true>
</cffunction>

<cffunction name="onSessionEnd" returnType="void">
<cfargument name="theSession" type="struct" required="true">
<cfset var duration = dateDiff("s",arguments.theSession.created,now())>
<cflog file="#THIS.name#" text="Session lasted for #duration# seconds.">
</cffunction>

<cffunction name="onApplicationEnd" returntype="void" output="false">
<cfargument name="appScope" required="True">
<cflog file="#THIS.name#" text=
"App ended after #dateDiff('n',ARGUMENTS.appScope.appStarted,now())# minutes.">
</cffunction>

</cfcomponent>

ProxyApplication.cfc (In main directory, I do not own the server and it is shared hosting so I need this to make a secure directory, so I read and it seems to work)

<cfcomponent extends="Application">
</cfcomponent>

Application.cfc in the locked directory:

<cfcomponent output="false" extends="ProxyApplication">

<cffunction name="OnRequestStart" output="false" returntype="string">
<cfif NOT isDefined("SESSION.auth.isLoggedIn")>
<cflocation url="../sitemanager.cfm" addtoken="no">
<cfabort>
<cfelseif isDefined("FORM.UserLogin")>
<cfinclude template="../LoginCheck.cfm">
<cfreturn true>
</cfif>
</cffunction>
</cfcomponent>

then there is the LoginCheck page with the session code I posted in the first post.

LEGEND, Mar 30, 2009

Ok, that all looks fine.

Now have you tried a simple dump of session to see what data is there
that may give a hint to what is going wrong?

<cfdump var="#session#"> on the offending page.

P.S. If you are on a hosting plan using ColdFusion 8 then you no longer
need the proxyApplication. That is a work around for hosting providers
where one does not have access to making a mapping. Which is a pretty
poor hosting provider that can not make a mapping for you, but it does
happen. But with CF8, you can make your own mappings in your
Application.cfc thus no longer need access to the ColdFusion
Administrator to make them.

Participant, Mar 30, 2009

I didn't know I could map things out in cf 8. I did it slightly in my application file. I will go read up on mapping in the cfc after I get this fixed.

I ran the cfdump. I got this:


auth = Fname, ID and IsLoggedin (they all had my info in them)
cfid 34107214
cftoken 98569261

cont query RESULTSET query

created {ts '2009-03-30 18:34:32'}
sessionid Mycompany_34107214_98569261
times_logged_on 1
urltoken CFID=34107214&CFTOKEN=98569261

those are all that came back. So those are the ones defined?

Participant, Mar 31, 2009

I have it working now after doing the cfdump. I do have a question. Am I only allowed to carry 3 session variables in the struct area? It is only allowing me to use 3 session.auth.blablabla

Is this a hosting setting? Or are these the only ones I am allowed to use, and to use more, I need to make a new struct?

LEGEND, Mar 31, 2009

my slightly (or, rather, highly) beer-infused guess would be that many
of your troubles have to do with this line in your onSessionStart() method:

<cfif IsValidUser.recordcount eq 1>


Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/

Participant, Mar 31, 2009

What would change that to?

<cfif IsValidUser.recordcount eq 1>

RE: my slightly (or, rather, highly) beer-infused guess
Beer?? What kind? :)
