6 Replies Latest reply on May 29, 2015 4:19 AM by coylo

    CF 11 Unexpected Log Out

    JonathanPecoraro

      We are experiencing an issue where our users are being intermittently logged out of the website. This issue seems to occur directly after the initial log in to the website. After a user logs in, they click a link, then are redirected to the login page again. We are upgrading from CF 9 to CF 11 and we were not seeing this issue in CF 9. There are two main things that I've noticed when this issue occurs. The GetAuthUser() call is returning an empty string (for the user that was logged in with cfloginuser) and part of the session has been removed (as if a structdelete was performed on a variable in the session struct).

      Is anyone able to help with this problem?

        • 1. Re: CF 11 Unexpected Log Out
          BKBK Adobe Community Professional & MVP

          It could be anything. Session management is notoriously hard to code. Besides, the Coldfusion Team modified the session engine in Coldfusion 10.

           

          I would start by ruling out any shortcoming in the code. Would you let us have a look at the relevant code?

          • 2. Re: CF 11 Unexpected Log Out
            JonathanPecoraro Level 1

            Okay, I see there's an improved cflogin section, so maybe that has something to do with the problem. I'll read through this document.

            Thanks for your response.

            • 3. Re: CF 11 Unexpected Log Out
              JonathanPecoraro Level 1

              Hello BKBK,

               

              We've tried a number of different solutions, but we're still experiencing the logout issue mentioned back in December. Do you have any other insight on this issue? You mentioned that you would like to see the code. Here it is:

               

              Application.cfc:

              <cfcomponent output="false">

                <cfset THIS.name = "SECURE_WEBSITE_COM">

                <cfset THIS.sessionManagement = true>

                <cfset THIS.loginStorage = "session">

               

               

                <cffunction name="onRequestStart" returntype="boolean">

                <cfargument type="string" name="targetPage" required="true">

               

               

                <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->

                <cflogout>

                </cfif>

               

               

                <cflogin>

                <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>

                <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">

                <cfset SESSION.user.id = 2880>

                <cfelseif NOT Len(GetAuthUser())> <!--- User has not logged in yet --->

                <cfinclude template="/login.cfm">

                <cfabort>

                </cfif>

                </cflogin>

                <cfreturn true>

                </cffunction>

              </cfcomponent>

               

               

              login.cfm

              <cfparam name="importantMessage" default="">

              <!doctype html>

              <html>

              <head>

              <meta charset="utf-8">

              <title>Log On</title>

              </head>

              <body>

                <div id="contentContainer">

                <div id="mainContent">

                <cfoutput>

                <cfset showQueryString = Len(CGI.QUERY_STRING) AND CompareNoCase(CGI.QUERY_STRING, "signout=yes") NEQ 0>

                <fieldset id="loginContainer">

                <legend>Sign In</legend>

                <form name="loginform" action="#cgi.script_name#<cfif showQueryString>?#EncodeForHTMLAttribute(CGI.QUERY_STRING)#</cfif>" method="post">

                <cfif Len(importantMessage)>

                <div class="message" id="successMessage"><cfoutput>#importantMessage#</cfoutput></div>

                </cfif>

                <div>

                <label>Email:</label>

                <input name="j_username" id="j_username" type="text"  maxlength="250"<cfif IsDefined("COOKIE.savedUserName")> value="<cfoutput>#LCase(COOKIE.savedUserName)#</cfoutput>"</cfif> title="Please enter your full email address in the form: name@abc.com">

                </div>

                <div>

                <label>Password:</label>

                <input name="j_password" id="j_password" type="password"  maxlength="250" title="Please enter your password" autocomplete="off">

                </div>

                <div>

                <input type="submit" name="submit" id="submit" value="Sign In">

                </div>

                </form>

                </fieldset>

                </cfoutput>

                </div>

                <cfinclude template="/global/footer.cfm">

              </div>

              </body>

              </html>

               

              Additional Information:

              - Although this code is a modified version of our actual code, I have verified that the logout issue does happen with this exact code.

              - This issue is happening on our https production server as well as our http local environments

              - We are using Microsoft IIS Version 7.5 as our webserver

              - If you think this is an issue with the Coldfusion Administrator settings, I would be happy to provide them to you

              • 4. Re: CF 11 Unexpected Log Out
                BKBK Adobe Community Professional & MVP

                My suggestions:

                 

                Application.cfc

                <cfcomponent output="false">

                  <cfset THIS.name = "SECURE_WEBSITE_COM">

                  <cfset THIS.sessionManagement = true>

                  <cfset THIS.loginStorage = "session">

                  <cfset THIS.applicationTimeout = "#createTimespan(1,0,0,0)#"> <!--- suggestion added --->

                  <cfset THIS.sessionTimeout = "#createTimeSpan(0,0,20,0)#"> <!--- suggestion added --->

                 

                  <cffunction name="onRequestStart" returntype="boolean">

                  <cfargument type="string" name="targetPage" required="true">

                 

                  <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->

                  <cflocation url="/logout.cfm"> <!--- suggestion added --->

                  </cfif>

                 

                  <cflogin>

                      <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>

                          <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">

                          <cfset SESSION.user.id = 2880>

                          <!--- I think the GetAuthUser() test is redundant. As we are now within the cflogin tag, it means this user is non-authorized anyway--->

                        <!--- <cfelseif NOT Len(GetAuthUser())> ---> <!--- User has not logged in yet --->

                      <cfelse> <!--- suggestion added --->

                           <cfinclude template="/login.cfm">

                          <cfabort>

                      </cfif>

                  </cflogin>

                  <cfreturn true>

                  </cffunction>

                </cfcomponent>

                 

                logout.cfm

                <cflogout>

                You have logged out. <br>

                <p><a href="login.cfm">Log in</a></p>

                <cfabort>

                • 5. Re: CF 11 Unexpected Log Out
                  JonathanPecoraro Level 1

                  Thanks again for your suggestions. I will try them out.

                  • 6. Re: CF 11 Unexpected Log Out
                    coylo Level 1

                    i am having this exact same issue. did you ever get to the bottom of it?