cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

Session variable error...

coldfuse228
New Here ,
Feb 01, 2007 Feb 01, 2007

Copy link to clipboard

Copied

Hi, I have an issue with session variables. Upon successful login, I set a session variable called USERID in application.cfm. Here is the scenario: I login to my web app and the session variable displays fine. However, if I open a new browser and login as the same user, I don't see the variable anymore, I see an error message "Element USERID is undefined in SESSION". Please note this I don't have any code that removes session or its variables. Thanks in advance !

Below is the code I have:
1. Application.cfm:
<cfapplication name="testApp" setclientcookies="yes" sessionmanagement="Yes" sessiontimeout=#CreateTimeSpan(0,0,30,0)#>
....
Some code that validates login and password...
<cflock timeout="20" scope="session" type="exclusive">
<cfset Session.USERID = '282828'>
</cflock>
<cfloginuser name="#cflogin.name#" Password =
"#cflogin.password#" roles="#loginQuery.role#">

2. Test.cfm This page displays USERID
<cfoutput>#Session.USERID#</cfoutput>

Thank you for all your help! -C
TOPICS
Advanced techniques

Views

855

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 11 Replies 11
latest latest Jump to latest reply
BKBK Community Expert
Community Expert ,
Feb 02, 2007 Feb 02, 2007

Copy link to clipboard

Copied

What happens when you leave out the lock?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
coldfuse228
New Here ,
Feb 02, 2007 Feb 02, 2007

Copy link to clipboard

Copied

Hi thanks for your response. If I leave out the 'cflock', the same thing happens. On first login, the value is there (282828), but if I open subsequent new browser windows and login, they all will not have the value available. However, if on the first login, I click 'logoff', in which activates my cflogout in my application.cfm, the next open window will have session value after login.

I also noticed that I am setting value inside <cflogin> but if I set it outside of <cflogin> there is no problem. However, I need to set a session variable when the user logs in (inside cflogin section)

-C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Feb 02, 2007 Feb 02, 2007

Copy link to clipboard

Copied

> However, I need to set a session variable when the user logs in
> (inside cflogin section)

That is probably the cause of the problem. When you log a user in by means of the apparatus <cflogin><cfloginuser></cflogin>, Coldfusion no longer executes the cflogin tag until the user logs out or until the login session expires.

In any case, it makes for better code design not to place validation data, session IDs, user IDs, etc. within the tag. Use the tag exclusively for login. You are then free to place code like the following anywhere you want

<cfif Len(Trim(getAuthUser())) NEQ 0>
<!--- user is currently logged in --->
<cfset session.userID="282828">
<!--- etc --->
<cfelse>
<!--- etc --->
</cfif>

<cfif getAuthUser() IS "John" AND isUserInRole("boss")>
<!--- red carpet treatment --->
</cfif>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
coldfuse228
New Here ,
Feb 02, 2007 Feb 02, 2007

Copy link to clipboard

Copied

Hi BKBK, thank you so much for your response! Currently, after user successfully goes through <cflogin>...</cflogin>, I perform your code <cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">...
I am still pretty new at this, please excuse my little knowledge on this.....My only concern now is that if there are 10 different users who are going to hit this application.cfm code section with "<cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">..." code, is there going to be any mixing up of information. Like for example, "John" might have just logged in and gone through <cflogin></cflogin> block, but then right before we get to setting the session.userID, "Mary" might intervene and then the session.userID gets mixed up. Please excuse my lack of understanding on this, but if so can you explain how application.cfm works in regard to this, are all requests to this cfm "locked"as in only after all things on application.cfm will have to execute first before next request for this page gets processed?

Thank you so much,
-C



Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
coldfuse228
New Here ,
Feb 02, 2007 Feb 02, 2007

Copy link to clipboard

Copied

Hi BKBK, right now, I am trying to create an audit table that keeps track of when a user logs in, what a user does after login and also when the user logs out. In Application.cfm, I'm going to set a variable called 'Session.isUserFirstTime' with default value of zero. After user logs in, "isUserFirstTime" will be set to 1and I will insert a row to my audit table that user has logged in. My <cfif> condition will prevent any additional inserts to the database.
I would like your thoughts on what I am going to do and potential pitfalls that might occur. I know all users will access the same application.cfm, so will there be any potential mixup of data or variables ("isUserFirstTime")? Thank you so much for your help. I have pasted code below.

<cfparam name="Session.isUserFirstTime" default=0>
<cfif (Len(Trim(getAuthUser())) NEQ 0) AND Session.isUserFirstTime eq 0>
<cfset session.isUserFirstTime = 1>
<cfinvoke
component="components.login"
method="auditUserLogin"
returnVariable="result">
<cfinvokeargument name="user" value="#getAuthUser()#">
<cfinvokeargument name="userAction" value="Logged in successfully">
<cfinvokeargument name="DSN" value="#DSN#">
</cfinvoke>
</cfif>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Feb 02, 2007 Feb 02, 2007

Copy link to clipboard

Copied

In Response To coldfuse228
> My only concern now is that if there are 10 different users
> who are going to hit this application.cfm code section with
> "<cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">..."
> code, is there going to be any mixing up of information.

Yes, there is going to be mix-up of information. However, that would happen no matter where you put the code. The problem is that you are giving every user a static, hard-coded ID.

If there is no need for a user ID, then don't use one. Usually, if there is a need for it, then it has to be unique.

> Like for example, "John" might have just logged in and gone
> through <cflogin></cflogin> block, but then right before we get
> to setting the session.userID, "Mary" might intervene and
> then the session.userID gets mixed up.

That could happen with a variable in a scope higher up, for example, with application.userID. However, sessions are distinct, not shared between users. Even though John and Mary share the same session.userID value of 282828, Coldfusion doesn't mix up their respective values. It maintains the sessions in parallel. For example, the code

<cfif getAuthUser() is "John">
<cfset session.userID = session.userID+1>
</cfif>

would raise John's session.userID to 282829, but Mary's would still be at 282828.

The main trouble with setting a static, hard-coded session.userID is that you couldn't then use it to make a distinction like "if session.userID equals such and such, then do such and such". If you need unique IDs, then use, for example

<cfset session.userID = createUUID()>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Feb 02, 2007 Feb 02, 2007

Copy link to clipboard

Copied

> isUserFirstTime

Since an hour ago?
Since last week?
First time ever?

You may have to cross-check with the database, as in this example

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
coldfuse228
New Here ,
Feb 03, 2007 Feb 03, 2007

Copy link to clipboard

Copied

In Response To BKBK
Hi BKBK, thank you so much for your help, I'm going to dig into my code Monday morning, and think this through again. I hope I can talk to you soon again.
-C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Feb 04, 2007 Feb 04, 2007

Copy link to clipboard

Copied

Till then. Good luck.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
coldfuse228
New Here ,
Feb 06, 2007 Feb 06, 2007

Copy link to clipboard

Copied

Hi Hi BKBK:

I think I have something working here, I'm just wondering if you see any potential issues with this. Thank you so much for your help. This is how my auditComponents system for all users works:

1.) Anytime a user logs in, my application.cfm does: Checks if user is logged in and if login is already recorded in auditComponents table - basically I want to log every user's successful login. Inside this conditional block, I set loginAlreadyBeenRecorded to 1 so that auditComponents table will only be written once with the "Logged in" message. Then, I call function that writes auditComponents message to table, and that function also returns a unique id from that table too. I use this unique id to set my Session.visitIDentification variable that I will use later. I also clear session variables when I log out. My shortened code for application.cfm is:
...
<cfparam name="Session.loginAlreadyBeenRecorded" default=0>
<cfparam name="Session.visitIDentification" default=0>

<cfif (Len(Trim(getAuthUser())) NEQ 0) AND Session.loginAlreadyBeenRecorded eq 0>
<cfset session.loginAlreadyBeenRecorded = 1>
<cfinvoke component="components.auditComponents"
method="auditComponentsUserLogin"
returnVariable="visitIDentification">
...
<cfset Session.visitIDentification = visitIDentification>
</cfif>

<cfif IsDefined("Form.logout")>
<cflock timeout=20 scope="Session" type="Exclusive">
<cfset StructDelete(Session, "loginAlreadyBeenRecorded")>
</cflock>
</cfif>
...

2.) Now that I have this session unique id (Session.visitIDentification), I will log a message for all of users actions. I call a function that writes a message to auditComponents table of user's actions and also pass in the Session.visitIDentification (So that when I look at db table, I could just select * of that visitIDentification and I would get all actions for that visit :

<cfinvoke
component="components.auditComponents"
method="auditComponentsUserActions">
<cfinvokeargument
name="visitIDentification"
value="#Session.visitIDentification#">
...
</cfinvoke>

3.) Also, do I need cflocks anywhere here?

Thank you so much for your help,
C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
coldfuse228
New Here ,
Feb 06, 2007 Feb 06, 2007

Copy link to clipboard

Copied

LATEST
Hi BKBK, like before with my new code, do you see any potential for data mixup, like user actions being confused? I don't see any as of now b/c I'm using a unique visitIDentification variable returned from my function(calls stored procedure) and also I'm using sessions.

Also, would different browsers have different effects?

Thanks so much,
C

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices