12 Replies Latest reply on May 4, 2016 6:39 AM by Steven6282

    ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.

    R.white

      I've been having a particularly annoying error with ColdFusion 11, and unable to track down the source of this problem.

      Basically There are a few variables defined in the session scope we check with isdefined a few lines above to make sure they are defined. Subsequent lines may or may not throw a #variablename# is undefined on random lines.

      What can I do to fix this issue? Is this a known bug?

        • 1. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
          BKBK Adobe Community Professional & MVP

          I am unaware of such a session issue. Could you show us a code sample?

           

          Make sure your isDefined test applies to all the session variables? That is, your test should be equivalent to the following

           

          <cfif isDefined("session.var1") and isDefined("session.var2") and isDefined("session.var3") etc>

          <!--- session.var1, session.var2, session.var3, ... all exist --->

          </cfif>

          • 2. Re: Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
            R.white Level 1

            I am doing isDefined checks for relevant variables when neccessary. The problem is not that the code errors out undefined ... it's that the variable is actually defined and errors out undefined.


            As a simplified example;

             

            Login.cfm Form supplies form.username and form.password to login_action.cfm then redirects to index.cfm after succesful LDAP authentication. I will not include all lines as it would be too long.

             

            Login_action.cfm

            <cfinclude template="ldap.cfm">
            <!--- LDAP login code goes here; checks if credential's supplied are valid and sets variable #logged_in# ... --->
            
            <cftry>
                <cfif isdefined("logged_in") and logged_in>
            
                    <!--- Create Session User Structure and Default Profile --->
                    <cfset session.user=StructNew()>
                    <cfset session.user.username=form.username>
                    <cfset session.user.firstname="">
                    <cfset session.user.surname="">
                    <cfset session.user.email="">
            
                    <!--- Pull in additional Details --->
                    <cfquery name="qDetails" datasource="userdetails">
                    SELECT firstname,surname,email FROM Profiles
                    WHERE username = '#session.user.username#'
                    </cfquery>
                    <cfif isdefined("qDetails") and qDetails.recordcount>
                        <cfoutput query="qDetails">
                        <cfset session.user.firstname ="#qDetails.firstname#">
                        <cfset session.user.surname="#qDetails.surname#">
                        <cfset session.user.email="#qDetails.email#">
                        </cfouput>
                    </cfif>
                <cfelse>
                    <!--- Throw Error back to login page --->
                    <cfthrow message="1" type="Custom_Security" ErrorCode="Fail">
                </cfif>
                <cfcatch type="any">
                    <!--- Throw Error back to login page --->
                    <cfthrow message="2" type="Custom_Security" ErrorCode="Fail">
                </cfcatch>
            </cftry>
            <!--- Redirect User to login page after Successful Login --->
            <cflocation url="index.cfm">
            
            
            

             

            Index.cfm

             

            <!--- At Top of Index session.user.email always exists, in the event it is undefined it will be set to "" --->
            <cfparam name="session.user.email" default="">
            
            <!--- Lots of lines of code above here build HTML page etc <cfoutput> references to #session.user.email# and other session vars --->
            
            <!--- Example pull some more information this line may or may not error... --->
            <cfquery name="qUserInformation" datasource="userdetails">
            SELECT * FROM Information
            WHERE user_email = '#session.user.email#'
            ORDER BY SomeOtherColumn
            </CFQUERY>
            <!--- Example point where a session error can be generated less than 2 lines above it has just finished getting information using session.user.email --->
            <cfquery name="qUserGroups" datasource="userdetails">
            SELECT * FROM Groups
            WHERE user_email = '#session.user.email#'
            ORDER BY SomeColumn
            </CFQUERY>
            
            <!--- Some other common examples require cfscript - and throw errors; above lines may not ... --->
            <cfscript>
            oHomePage=CreateObject("component","site_components.homepage");
            qNews=oHomePage.getNews("#session.user.category#");
            </cfscript>
            
            
            <!--- More lines to do with HTML Footer etc <cfoutput> more stuff --->
            
            
            

             

            in the wwwroot the Application.cfm handles all errors generated during rendering of the page, which includes generating a cfdump of the session scope.

             

            When I get the Error Log I can see in the cfcatch cfdump the error... Element USER.EMAIL UnDefined in SESSION.

            struct

            Browser

            Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

            DateTime

            {ts '2014-09-28 11:38:48'}

            Diagnostics

            Element USER.EMAIL is undefined in SESSION. <br>The error occurred on line 15.

             

            However when I check the SESSION scope which is also dumped ... It is defined!

             

             

            struct

            user

            struct

            COLOR

            cccccc

            EMAIL

            myemail@example.com

            FIRSTNAME

            Example

            SURNAME

            Surname

            EXAMPLE1

            1

            TEMPLATE

            template14

            TEMPLATE_DETAILS

            0

             

            What is causing this strange and irratic behaviour? The problem is so far I cannot replicate the issue. It is intermittant. The issue only started after upgrading to ColdFusion 11. This code has worked flawlessly for years on CF8.

            • 3. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
              BKBK Adobe Community Professional & MVP

              Clearly, if logged_in is undefined in the context of  login_action.cfm, then session.user.email will be undefined. The 2 relevant questions are: where is the cfcatch cfdump you talk about and where do you dump the session?

               

              How does does your cfapplication tag look like? You have to enable session management properly. Otherwise Coldfusion may create a new session at every request.

              • 4. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                dirkm1977

                Hi everyone,

                 

                I've got a similar problem. The browser loses the session vars on a new page request. But this error occures only in some Internet Explorer installations and it doesn't matter which Version. I'm testing with IE11 and the error occures, a colleque also uses the IE11 and it works fine same Version, same OS. Our customers using IE8 and some of them it works some not. We are using CF11 with WinServ 2012.

                 

                Thanks for help

                 

                Dirk

                • 5. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                  BKBK Adobe Community Professional & MVP

                  We should first rule out coding errors. Errors involving the use of session to control flow during the login process can be very subtle indeed.

                  • 6. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                    R.white Level 1

                    Hi Bkbk,

                     

                    Thanks for taking the time to respond. You are correct if logged_in is undefined the session will not get created and the user will not be logged in. If this was a code error why does this problem not occur in ColdFusion 8, 9 or 10?

                     

                    The issue occurs some time after a user has successfully logged in and the session scope has already been created.

                     

                    It's not a normal undefined error because the variable is clearly defined in the error log. I can see all the relevant variables at the time of the error event. As you can imagine this is quite the puzzle! It appears more like a ColdFusion bug introduced in the new version.

                     

                    Session  management is enabled. The application.cfm redirects all ColdFusion errors to a custom error page which dumps common variables which are useful for debugging like Session, CGI, Application etc and includes it in an email for debugging.

                     

                    Here's the relevant code from application.cfm

                     

                    <CFERROR TYPE="EXCEPTION" EXCEPTION="ANY" TEMPLATE="login/custom_error.cfm">
                    <cferror type="REQUEST" template="login/request_error.cfm">
                    <cfsetting enablecfoutputonly=true>
                    <!---enable session management--->
                    <cfset theTimeout = CreateTimespan(0,2,0,0)>
                    <cfapplication name="example" sessionmanagement="Yes" setclientcookies="Yes" sessiontimeout="#theTimeout#">
                    
                          <cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
                            <cfset cfid_local=Cookie.CFID>
                            <cfset cftoken_local=Cookie.CFTOKEN>
                            <cfcookie name="CFID" value="#cfid_local#">
                            <cfcookie name="CFTOKEN" value="#cftoken_local#">
                         </cfif>
                    
                    • 7. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                      BKBK Adobe Community Professional & MVP

                      It may or may not be relevant but, for completeness, add the attribute applicationTimeout = "#createTimespan(1,0,0,0)#" . Also place the cferror tags underneath the cfapplication tag.

                       

                      Your code looks fine so far. However, I have some questions. There are 2 occurrences of '#session.user.email#' in index.cfm. You seem to say that the second one caused the error. Is that so?

                      • 8. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                        R.white Level 1

                        Hi BKBK, Thanks for the suggestion. Something to try at least. I'm open to solving this problem programatically. I've tried using cfparam and cflock around specific sections where session variables are read. It hasn't really done anything so far.

                        That's good. No problem. There are a lot of references to variables in the index.cfm page (About 1100 lines of code).

                         

                        There are cfincludes as well as function calls and structures being referenced from cfscripts. Under Session.user there are at least 50 different variables some with arrays of information as well.

                        Unfortunately It's not specific to #session.user.email#, it is however more common. all of the defined-undefined errors are related to #session.user.xyz# though.

                        • 9. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                          BKBK Adobe Community Professional & MVP

                          In debugging this, it is vital to know the page and, especially, the line number where the error occurs.

                          • 10. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                            R.white Level 1

                            Hi BKBK, I know it's been a while since I've looked into this. Thank you for your patience. Unfortunately the line number generated is random and not consistent so It's a difficult error to debug, I can't give you one particular line to check as it can occur at any session variable reference in the script.

                             

                            I have discovered a correlation with the session errors and the login action page which gets called after the login post event. This is interesting as CF9 does not display the same behavior when dealing with session variables.

                            I am obviously not going to downgrade to CF9 due to security and code implications.

                             

                            I believe what is happening with the session variables is to do with execution path when multiple sessions are created in quick succession. I am unsure how to reference this variable scope peculiarity to detect and reference it programmatically. I can reproduce the error after quick successive logins (Example user hits login button twice, like double click submit), I've managed to curb this particular error being generated by applying a client side script (jQuery) to disable the login button straight after a successful validation of the form input boxes.

                             

                            This has worked to almost eliminate the cause of these rogue session errors.

                             

                            As the previous session is invalidated and no longer relates to the browser session, I believe this is what generates the error from the previous HTTP post. The user does not actually see any error as there is no callback from the browser, as it has already received the second post action, this second post completes as normal and the error is generated from the first action.

                             

                            I am not sure how to proceed with this at this stage. Open to suggestions! I think this is a bug with the session variable reference, something like an invalidated handle to the variable scope?

                             

                            If I check for the variable using the cfcatch diagnostic message variable using an evaluated string reference in the error handling routine custom_error.cfm, I can actually detect whether the session variable which generated the error undefined is defined in the session scope. This is the weirdness which during normal debugging should not be the case. an error generated for a session variable not being defined should remain undefined while the error log is generated.

                            • 11. Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                              BKBK Adobe Community Professional & MVP

                              Let's put the matter to rest. Could you show us the relevant pages: Application.cfc, login page, index.cfm and so on.

                              • 12. Re: Re: ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.
                                Steven6282

                                Did you ever find an actual solution to this problem?  I'm having a very similar problem but in CF9 and with a Request variable instead of a session variable.  It's driving me crazy.  It's the exact same symptoms though, it errors saying it's undefined and then the dump in my error handler shows it clearly defined.