11 Replies Latest reply on Feb 6, 2007 1:19 PM by coldfuse228

    Session variable error...

    coldfuse228
      Hi, I have an issue with session variables. Upon successful login, I set a session variable called USERID in application.cfm. Here is the scenario: I log in to my web app and the session variable displays fine. However, if I open a new browser and log in as the same user, I don't see the variable anymore; I see the error message "Element USERID is undefined in SESSION". Please note that I don't have any code that removes the session or its variables. Thanks in advance!

      Below is the code I have:
      1. Application.cfm:
      <cfapplication name="testApp" setclientcookies="yes" sessionmanagement="Yes" sessiontimeout=#CreateTimeSpan(0,0,30,0)#>
      ....
      Some code that validates login and password...
      <cflock timeout="20" scope="session" type="exclusive">
      <cfset Session.USERID = '282828'>
      </cflock>
      <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#loginQuery.role#">

      2. Test.cfm This page displays USERID
      <cfoutput>#Session.USERID#</cfoutput>

      Thank you for all your help! -C
        • 1. Re: Session variable error...
          BKBK Adobe Community Professional & MVP
          What happens when you leave out the lock?

          • 2. Re: Session variable error...
            coldfuse228 Level 1
            Hi, thanks for your response. If I leave out the 'cflock', the same thing happens. On first login, the value is there (282828), but if I open subsequent new browser windows and log in, none of them will have the value available. However, if on the first login I click 'logoff', which activates my cflogout in my application.cfm, the next open window will have the session value after login.

            I also noticed that I am setting the value inside <cflogin>, but if I set it outside of <cflogin> there is no problem. However, I need to set a session variable when the user logs in (inside the cflogin section).

            -C
            • 3. Re: Session variable error...
              BKBK Adobe Community Professional & MVP
              > However, I need to set a session variable when the user logs in
              > (inside cflogin section)


              That is probably the cause of the problem. When you log a user in by means of the apparatus <cflogin><cfloginuser></cflogin>, ColdFusion no longer executes the cflogin tag until the user logs out or until the login session expires.

              In any case, it makes for better code design not to place validation data, session IDs, user IDs, etc. within the tag. Use the tag exclusively for login. You are then free to place code like the following anywhere you want:

              <cfif Len(Trim(getAuthUser())) NEQ 0>
              <!--- user is currently logged in --->
              <cfset session.userID="282828">
              <!--- etc --->
              <cfelse>
              <!--- etc --->
              </cfif>

              <cfif getAuthUser() IS "John" AND isUserInRole("boss")>
              <!--- red carpet treatment --->
              </cfif>

              • 4. Re: Session variable error...
                coldfuse228 Level 1
                Hi BKBK, thank you so much for your response! Currently, after the user successfully goes through <cflogin>...</cflogin>, I perform your code <cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">...
                I am still pretty new at this, so please excuse my little knowledge of it. My only concern now is that if there are 10 different users who are going to hit this application.cfm code section with the "<cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">..." code, is there going to be any mixing up of information? For example, "John" might have just logged in and gone through the <cflogin></cflogin> block, but then right before we get to setting the session.userID, "Mary" might intervene and then the session.userID gets mixed up. Please excuse my lack of understanding on this, but if so, can you explain how application.cfm works in this regard? Are all requests to this cfm "locked", as in everything on application.cfm has to execute first before the next request for this page gets processed?

                Thank you so much,
                -C



                • 5. Re: Session variable error...
                  coldfuse228 Level 1
                  Hi BKBK, right now, I am trying to create an audit table that keeps track of when a user logs in, what a user does after login and also when the user logs out. In Application.cfm, I'm going to set a variable called 'Session.isUserFirstTime' with a default value of zero. After the user logs in, "isUserFirstTime" will be set to 1 and I will insert a row into my audit table showing that the user has logged in. My <cfif> condition will prevent any additional inserts to the database.
                  I would like your thoughts on what I am going to do and potential pitfalls that might occur. I know all users will access the same application.cfm, so will there be any potential mix-up of data or variables ("isUserFirstTime")? Thank you so much for your help. I have pasted the code below.

                  <cfparam name="Session.isUserFirstTime" default=0>
                  <cfif (Len(Trim(getAuthUser())) NEQ 0) AND Session.isUserFirstTime eq 0>
                  <cfset session.isUserFirstTime = 1>
                  <cfinvoke
                  component="components.login"
                  method="auditUserLogin"
                  returnVariable="result">
                  <cfinvokeargument name="user" value="#getAuthUser()#">
                  <cfinvokeargument name="userAction" value="Logged in successfully">
                  <cfinvokeargument name="DSN" value="#DSN#">
                  </cfinvoke>
                  </cfif>
                  • 6. Re: Session variable error...
                    BKBK Adobe Community Professional & MVP
                    > My only concern now is that if there are 10 different users
                    > who are going to hit this application.cfm code section with
                    > "<cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">..."
                    > code, is there going to be any mixing up of information.


                    Yes, there is going to be mix-up of information. However, that would happen no matter where you put the code. The problem is that you are giving every user a static, hard-coded ID.

                    If there is no need for a user ID, then don't use one. Usually, if there is a need for it, then it has to be unique.

                    > Like for example, "John" might have just logged in and gone
                    > through <cflogin></cflogin> block, but then right before we get
                    > to setting the session.userID, "Mary" might intervene and
                    > then the session.userID gets mixed up.


                    That could happen with a variable in a scope higher up, for example, with application.userID. However, sessions are distinct, not shared between users. Even though John and Mary share the same session.userID value of 282828, ColdFusion doesn't mix up their respective values. It maintains the sessions in parallel. For example, the code

                    <cfif getAuthUser() is "John">
                    <cfset session.userID = session.userID+1>
                    </cfif>

                    would raise John's session.userID to 282829, but Mary's would still be at 282828.

                    The main trouble with setting a static, hard-coded session.userID is that you couldn't then use it to make a distinction like "if session.userID equals such and such, then do such and such". If you need unique IDs, then use, for example

                    <cfset session.userID = createUUID()>

                    • 7. Re: Session variable error...
                      BKBK Adobe Community Professional & MVP
                      > isUserFirstTime

                      Since an hour ago?
                      Since last week?
                      First time ever?

                      You may have to cross-check with the database, as in this example

                      • 8. Re: Session variable error...
                        coldfuse228 Level 1
                        Hi BKBK, thank you so much for your help, I'm going to dig into my code Monday morning, and think this through again. I hope I can talk to you soon again.
                        -C
                        • 9. Re: Session variable error...
                          BKBK Adobe Community Professional & MVP
                          Till then. Good luck.

                          • 10. Re: Session variable error...
                            coldfuse228 Level 1
                            Hi BKBK:

                            I think I have something working here; I'm just wondering if you see any potential issues with it. Thank you so much for your help. This is how my auditComponents system for all users works:

                            1.) Anytime a user logs in, my application.cfm checks whether the user is logged in and whether the login is already recorded in the auditComponents table - basically I want to log every user's successful login. Inside this conditional block, I set loginAlreadyBeenRecorded to 1 so that the auditComponents table will only be written once with the "Logged in" message. Then I call a function that writes the auditComponents message to the table, and that function also returns a unique id from that table. I use this unique id to set my Session.visitIDentification variable that I will use later. I also clear session variables when I log out. My shortened code for application.cfm is:
                            ...
                            <cfparam name="Session.loginAlreadyBeenRecorded" default=0>
                            <cfparam name="Session.visitIDentification" default=0>

                            <cfif (Len(Trim(getAuthUser())) NEQ 0) AND Session.loginAlreadyBeenRecorded eq 0>
                            <cfset session.loginAlreadyBeenRecorded = 1>
                            <cfinvoke component="components.auditComponents"
                            method="auditComponentsUserLogin"
                            returnVariable="visitIDentification">
                            ...
                            <cfset Session.visitIDentification = visitIDentification>
                            </cfif>

                            <cfif IsDefined("Form.logout")>
                            <cflock timeout=20 scope="Session" type="Exclusive">
                            <cfset StructDelete(Session, "loginAlreadyBeenRecorded")>
                            </cflock>
                            </cfif>
                            ...

                            2.) Now that I have this unique session id (Session.visitIDentification), I will log a message for all of the user's actions. I call a function that writes a message about the user's actions to the auditComponents table and also pass in the Session.visitIDentification (so that when I look at the db table, I could just select * for that visitIDentification and I would get all actions for that visit):

                            <cfinvoke
                            component="components.auditComponents"
                            method="auditComponentsUserActions">
                            <cfinvokeargument
                            name="visitIDentification"
                            value="#Session.visitIDentification#">
                            ...
                            </cfinvoke>

                            3.) Also, do I need cflocks anywhere here?

                            Thank you so much for your help,
                            C
                            • 11. Re: Session variable error...
                              coldfuse228 Level 1
                              Hi BKBK, like before, with my new code, do you see any potential for data mix-up, like user actions being confused? I don't see any as of now because I'm using a unique visitIDentification variable returned from my function (which calls a stored procedure) and I'm also using sessions.

                              Also, would different browsers have different effects?

                              Thanks so much,
                              C
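
The pattern discussed in this thread, as an added example that is not part of any post: per-session state is initialised outside `<cflogin>`, so a new session that arrives with the login already in place still gets its variables. The check and the write sit under one exclusive session lock. Assumptions: `auditComponentsUserLogin` accepts `user` and `userAction` (names borrowed from the earlier `auditUserLogin` call) and returns the visit ID; `newVisitID` is a hypothetical local name; a single existence check stands in for the two flags in the post.

```cfml
<!--- Application.cfm fragment. Added example, not code from the thread. --->
<cfapplication name="testApp" setclientcookies="yes" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0,0,30,0)#">

<!--- Logout: end the login and drop the per-visit state together, so the
      next login from this browser starts a new audited visit. --->
<cfif IsDefined("Form.logout")>
    <cflogout>
    <cflock scope="session" type="exclusive" timeout="20">
        <cfset StructDelete(session, "visitIDentification")>
    </cflock>
</cfif>

<!--- The <cflogin> ... <cfloginuser> ... </cflogin> block belongs here and
      does authentication only; no session variables are set inside it. --->

<cfif Len(Trim(getAuthUser())) NEQ 0>
    <!--- Evaluated on every request, whether or not <cflogin> ran. --->
    <cflock scope="session" type="exclusive" timeout="20">
        <!--- Check and write under the same lock: two simultaneous requests
              in one session (frames, double click) cannot both find the key
              missing and both insert a "Logged in" row. --->
        <cfif NOT StructKeyExists(session, "visitIDentification")>
            <cfinvoke component="components.auditComponents"
                      method="auditComponentsUserLogin"
                      returnvariable="newVisitID">
                <!--- Assumed argument names, see lead-in. --->
                <cfinvokeargument name="user" value="#getAuthUser()#">
                <cfinvokeargument name="userAction" value="Logged in successfully">
            </cfinvoke>
            <cfset session.visitIDentification = newVisitID>
        </cfif>
    </cflock>
</cfif>
```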