Copy link to clipboard
Copied
After a recent upgrade from CF9 to CF10 I am seeing the following error in a couple of legacy applications:
Element NAME is undefined in CFLOGIN
The login code in the Application.cfm looks like this:
<cfapplication name="SampleApplication"
clientmanagement="No"
loginstorage="session"
sessionmanagement="Yes"
setclientcookies="No"
sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#" />
<!--- Login --->
<cflogin applicationtoken="SampleApplication" idletimeout="300">
<!--- Construct roles --->
<cfset roles = "" >
<cfif ListFind( administrators, CFLogin.name ) >
<cfset roles = ListAppend( roles, "admin" ) >
</cfif>
<cfif ListFind( editors, CFLogin.name ) >
<cfset roles = ListAppend( roles, "edit" ) >
</cfif>
<!--- If no roles specified, send user up one level --->
<cfif roles EQ "" >
<cflocation url="../index.cfm" addtoken="no" />
</cfif>
<!--- Login user --->
<cfloginuser name="#CFLogin.name#" password="#CFLogin.password#" roles="#roles#" />
</cflogin>
Anonymous access is disabled for the directories, so my understanding is that when the CFLogin expires, the <cflogin> block runs again, and that CFLogin.name should be populated with the username supplied by the client. I've just started troubleshooting, but I'm just wondering if anyone else has run into this or has any suggestions.
Copy link to clipboard
Copied
I have not been able to reproduce the error since posting this. The above sample code was modified--previously the cfapplication code looked like this:
<cfapplication name="SampleApplication"
clientmanagement="No"
sessionmanagement="Yes"
setclientcookies="Yes"
sessiontimeout="30" />
Since loginstorage was not specified, it defaulted to cookies. And obviously the sessiontimeout value was not in the proper format. I suspect that the cflogin idletimeout was triggered, but since the cookie was still present that caused some issue. I'm not positive this is fixed, as users were still reporting issues after this change was made, but those may be lingering effects of the old code. I'll update here once I have verified that the issue is resolved.
Copy link to clipboard
Copied
Sessiontimeout="30" has proper format. However it means a timeout of 30 days. Your new value, sessiontimeout="#CreateTimeSpan(0,0,30,0)#", is equivalent to Sessiontimeout="0.02083". That is because 30 minutes is half of one twenty-fourth of a day.
The error message, "Element NAME is undefined in CFLOGIN", tells you that the login form, with input fields named j_username and j_password, was not submitted as expected. That in turn tells you that your authorization framework is shaky.
First do a check for the login form. Failure to submit it means the user will be shown the form. You could do something like:
<cflogin applicationtoken="SampleApplication" idletimeout="300">
<cfif NOT IsDefined("cflogin")>
<cfinclude template="loginform.cfm">
<cfabort>
<cfelse>
<!--- Construct roles --->
<cfset roles = "" >
<cfif ListFind( administrators, CFLogin.name ) >
<cfset roles = ListAppend( roles, "admin" ) >
</cfif>
<cfif ListFind( editors, CFLogin.name ) >
<cfset roles = ListAppend( roles, "edit" ) >
</cfif>
<!--- If no roles specified, send user up one level --->
<cfif roles EQ "" >
<cflocation url="../index.cfm" addtoken="no" />
</cfif>
<!--- Login user --->
<cfloginuser name="#CFLogin.name#" password="#CFLogin.password#" roles="#roles#" />
</cfif>
</cflogin>
Lastly, setclientcookies="no" means you will have to write the code for setting cookies. If you don't, then you should use setclientcookies="Yes".