10 Replies Latest reply on Mar 31, 2009 6:48 AM by CFmonger

    session scope issue.

    CFmonger Level 1
      Hello;
      I created a log in system for a sub directory in my web site. I have the directory locked down using an application.cfc file, it also takes orders from the application.cfc file in the main directory.

      I think I set my session variables properly when the user logs into the app. But when I try and add a tag to lock something out, it says my session is not defined in the session scope.

      I am trying to make tags that will take out elements if you do not have admin access. This is shown by a checkbox in the database, or in Access it is a yes/no field. I have tags that if it eq True it does one thing, and those work, but they do not run on the session scope.

      The best thing I think I can do is to show you how my session scope is set up. There are different kinds.

      1. is just the session you get as just any user who surfs the web.
      2. is the back end user who is either an admin or not.

      application.cfc in main directory:
      <cfscript>
      THIS.name = "my web";
      THIS.sessionManagement=true;
      THIS.clientManagement=true;
      THIS.applicationTimeout = createTimeSpan(0,0,20,0);
      THIS.sessionTimeout = createTimeSpan(0,0,20,0);
      </cfscript>

      <cffunction name="onSessionStart" returntype="any" output="true">
      <cfset SESSION.created = now()>
      <cfset CLIENT.cfid = SESSION.cfid>
      <cfset CLIENT.cftoken = SESSION.cftoken>
      <!--- I have some other things in here for tracking and page views and so on --->
      </cffunction>

      Application.cfc in sub directory:

      <cffunction name="OnRequestStart" output="false" returntype="string">
      <cfif NOT isDefined("SESSION.auth.isLoggedIn")>
      <cflocation url="../sitemanager.cfm" addtoken="no">
      <cfabort>
      <cfelseif isDefined("FORM.UserLogin")>
      <cfinclude template="../LoginCheck.cfm">
      <cfreturn true>
      </cfif>
      </cffunction>

      <cffunction name="onSessionStart" returntype="any" output="true">
      <cfset SESSION.created = now()>
      <cfset SESSION.auth = structNew()>
      <cfset SESSION.auth.isLoggedIn = "Yes">
      <cfset SESSION.auth.id = SESSION.auth.id>
      <cfset SESSION.auth.Fname = SESSION.auth.Fname>
      <cfset SESSION.auth.Lname = SESSION.auth.Lname>
      <cfset SESSION.auth.isAdminstrator = SESSION.auth.isAdminstrator>
      </cffunction>

      and I set off the sessions with my login page:

      <CFQUERY NAME="IsValidLogin" datasource="#APPLICATION.dataSource#">
      SELECT user.Fname, user.Lname
      FROM user
      WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
      </CFQUERY>
      <CFQUERY NAME="IsValidUser" datasource="#APPLICATION.dataSource#">
      SELECT user.id, user.Fname, user.Lname, user.admin
      FROM user
      WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
      AND password =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userPassword#">
      </CFQUERY>

      <cfif IsValidUser.recordcount eq 1>
      <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
      <cfset SESSION.auth = structNew()>
      <cfset SESSION.auth.isLoggedIn = "Yes">
      <cfset SESSION.auth.id = IsValidUser.id>
      <cfset SESSION.auth.Fname = IsValidUser.Fname>
      <cfset SESSION.auth.Lname = IsValidUser.Lname>
      <cfset SESSION.auth.isAdminstrator = IsValidUser.admin>
      </cflock>

      So there are 3 pages that control the session in this app so far. I thought I had them defined, I have some tags working using these variables.

      this works:
      <cfif isDefined("SESSION.auth.Fname")>
      Hello #SESSION.auth.Fname#!
      </cfif>

      and this doesn't:
      <cfif SESSION.auth.isAdminstrator EQ "True">
      you get this if you are an admin. if you are not an admin, it does not appear at all
      </cfif>

      this is the error I get:
      Element AUTH.ISADMINSTRATOR is undefined in SESSION.
      The error occurred on line 134.


      Is there a way to write this or a form of this tag?

      Thanks

      So is it my tag that isn't working?
        • 1. Re: session scope issue.
          Level 7
          CFmonger wrote:
          >
          > So is it my tag that isn't working?
          >

          Does the code running in this sub directory belong to the same
          'application' as ColdFusion sees it as the main code?

          How ColdFusion handles state variables from request to request is a
          complex dance involving cookies named cfid and cftoken and the
          application name set with either a <cfapplication name=""...> tag or a
          this.name="" parameter in an Application.cfc.

          The thrust of this is that if any of these values change it is a whole
          new set of data separate from any data that came before.

          You can test this by checking this simple output in different parts of
          your application and see if they are all the same or if there are
          differences.

          <cfoutput>
          #application.applicationName#<br/>
          #session.cfid#<br/>
          #session.cftoken#<br/>
          </cfoutput>
          • 2. Re: session scope issue.
            CFmonger Level 1
            this is part of the application.cfc in my main directory:
            <cfscript>
            THIS.name = "my web";
            THIS.sessionManagement=true;
            THIS.clientManagement=true;
            THIS.applicationTimeout = createTimeSpan(0,0,20,0);
            THIS.sessionTimeout = createTimeSpan(0,0,20,0);
            </cfscript>

            <cffunction name="onSessionStart" returntype="any" output="true">
            <cfset SESSION.created = now()>
            <cfset CLIENT.cfid = SESSION.cfid>
            <cfset CLIENT.cftoken = SESSION.cftoken>
            <!--- I have some other things in here for tracking and page views and so on --->
            </cffunction>


            Then in the sub directory I put the rest, as well as in the login.cfm page that actually sets off the sessions... supposedly, into that application.cfc, and yes, they work together, and I do call up the application name in the application.cfc in the sub directory.

            • 3. session scope issue.
              CFmonger Level 1
              Ok, I was reading, and from what the book says, (Forta - Adobe Press) is that this should work. But it isn't.

              The book says this tag should work with my set up:
              <cfif SESSION.auth.isAdminstrator>
              this is what you get
              </cfif>
              This one throws an error, says it cannot transform it into boolean.

              this one throws no error, I had it working, but now it just doesn't do anything:

              <cfif isDefined("SESSION.auth.isAdminstrator")>
              this is what you get
              </cfif>

              I also tried your code:
              <cfoutput>
              #APPLICATION.companyName#<br/>
              #session.cfid#<br/>
              #session.cftoken#<br/>
              </cfoutput>
              <cfabort>
              and got a response back from the application.cfc in the main directory, so they are communicating. Do I need to map the sessions into the main application file instead?
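
An added example, not part of any post in this thread: a fail-closed admin check that avoids both errors described above (the "undefined in SESSION" error and the boolean conversion error). The function name `isSessionAdmin` is hypothetical, and the example assumes the login page stores the yes/no column under `SESSION.auth.isAdminstrator` as in the first post.

```cfml
<!--- Added example; isSessionAdmin is a hypothetical helper name. --->
<cffunction name="isSessionAdmin" returntype="boolean" output="false">
    <cfset var flag = "">

    <!--- No auth struct in this session: treat as not an admin. --->
    <cfif NOT structKeyExists(SESSION, "auth") OR NOT isStruct(SESSION.auth)>
        <cfreturn false>
    </cfif>

    <!--- The user must be logged in before the admin flag is considered. --->
    <cfif NOT structKeyExists(SESSION.auth, "isLoggedIn")
          OR NOT isBoolean(SESSION.auth.isLoggedIn)
          OR NOT SESSION.auth.isLoggedIn>
        <cfreturn false>
    </cfif>

    <!--- Key never set (for example the login query did not return
          the column): deny instead of throwing "undefined in SESSION". --->
    <cfif NOT structKeyExists(SESSION.auth, "isAdminstrator")>
        <cfreturn false>
    </cfif>

    <cfset flag = SESSION.auth.isAdminstrator>

    <!--- Empty string or any other value that cannot be converted
          to a boolean: deny instead of throwing a conversion error. --->
    <cfif NOT isBoolean(flag)>
        <cfreturn false>
    </cfif>

    <cfif flag>
        <cfreturn true>
    </cfif>
    <cfreturn false>
</cffunction>

<!--- Usage in a page: the block renders only for a logged-in admin. --->
<cfif isSessionAdmin()>
    <cfoutput>Admin-only links for #htmlEditFormat(SESSION.auth.Fname)#</cfoutput>
</cfif>
```

Hiding markup this way only controls what is displayed; each admin-only action page still needs the same check on the server side before it does any work.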

              • 4. Re: session scope issue.
                Level 7
                CFmonger wrote:
                >
                > Can anyone help me figure out how to get this to go off when admin is defined
                > in user table of the db.
                >


                You gave no hint on if you ran the experiment I suggested.

                Please show the top section of both Application.cfc code files, i.e. the
                pseudo constructors.
                • 5. Re: session scope issue.
                  CFmonger Level 1
                  I ran your test, it came back with my info in the admin section with my application set up. so here is my full
                  application.cfc file. in both directories:

                  Application.cfc in Main directory:
                  <cfcomponent output="false">
                  <cfscript>
                  THIS.name = "myWebsite";
                  THIS.sessionManagement=true;
                  THIS.clientManagement=true;
                  THIS.applicationTimeout = createTimeSpan(0,0,20,0);
                  THIS.sessionTimeout = createTimeSpan(0,0,20,0);
                  THIS.setClientCookies = 1;
                  THIS.setDomainCookies = 1;
                  THIS.scriptProtect = "All";
                  </cfscript>

                  <cffunction name="onApplicationStart" returntype="boolean" output="false">
                  <cfset APPLICATION.appStarted = now()>
                  <cfif not isDefined ("APPLICATION.dataSource")>
                  <cfset APPLICATION.dataSource = "myDB">
                  </cfif>
                  <cfset APPLICATION.companyName = "myCompanyName">
                  <cfreturn true>
                  </cffunction>


                  <cffunction name="onSessionStart" returntype="any" output="true">
                  <cfset SESSION.created = now()>
                  <cfset CLIENT.cfid = SESSION.cfid>
                  <cfset CLIENT.cftoken = SESSION.cftoken>

                  <cfif IsValidUser.recordcount eq 1>
                  <CFQUERY NAME="IsValidUser" datasource="#APPLICATION.dataSource#">
                  SELECT user.id, user.Fname, user.Lname, user.admin
                  FROM user
                  WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
                  AND password =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userPassword#">
                  </CFQUERY>
                  <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
                  <cfset SESSION.auth = structNew()>
                  <cfset SESSION.auth.isLoggedIn = "Yes">
                  <cfset SESSION.auth.id = IsValidUser.id>
                  <cfset SESSION.auth.Fname = IsValidUser.Fname>
                  <cfset SESSION.auth.Lname = IsValidUser.Lname>
                  <cfset SESSION.auth.isAdminstrator = IsValidUser.isAdminstrator>
                  </cflock>
                  </cfif>
                  </cffunction>


                  <cffunction name="onRequestStart" returntype="boolean" output="true">
                  <cfset request.datasource = "myDB">
                  <cfset sitePath = " http://www.myweb.com">
                  <cfset sitePath = " http://www.myweb.com/Application.cfc">
                  <cfset sitePath = " http://www.myweb.com/admin">
                  <cfset sitePath = " http://www.myweb.com/admin/Application.cfc">
                  <cfreturn true>
                  </cffunction>

                  <cffunction name="onSessionEnd" returnType="void">
                  <cfargument name="theSession" type="struct" required="true">
                  <cfset var duration = dateDiff("s",arguments.theSession.created,now())>
                  <cflog file="#THIS.name#" text="Session lasted for #duration# seconds.">
                  </cffunction>

                  <cffunction name="onApplicationEnd" returntype="void" output="false">
                  <cfargument name="appScope" required="True">
                  <cflog file="#THIS.name#" text=
                  "App ended after #dateDiff('n',ARGUMENTS.appScope.appStarted,now())# minutes.">
                  </cffunction>

                  </cfcomponent>

                  ProxyApplication.cfc (In main directory, I do not own the server and it is shared hosting so I need this to make a secure directory, so I read and it seems to work)

                  <cfcomponent extends="Application">
                  </cfcomponent>

                  Application.cfc in the locked directory:

                  <cfcomponent output="false" extends="ProxyApplication">

                  <cffunction name="OnRequestStart" output="false" returntype="string">
                  <cfif NOT isDefined("SESSION.auth.isLoggedIn")>
                  <cflocation url="../sitemanager.cfm" addtoken="no">
                  <cfabort>
                  <cfelseif isDefined("FORM.UserLogin")>
                  <cfinclude template="../LoginCheck.cfm">
                  <cfreturn true>
                  </cfif>
                  </cffunction>
                  </cfcomponent>

                  then there is the LoginCheck page with the session code I posted in the first post.
                  • 6. Re: session scope issue.
                    Level 7
                    Ok, that all looks fine.

                    Now have you tried a simple dump of session to see what data is there
                    that may give a hint to what is going wrong?

                    <cfdump var="#session#"> on the offending page.

                    P.S. If you are on a hosting plan using ColdFusion 8 then you no longer
                    need the proxyApplication. That is a work around for hosting providers
                    where one does not have access to making a mapping. Which is a pretty
                    poor hosting provider that can not make a mapping for you, but it does
                    happen. But with CF8, you can make your own mappings in your
                    Application.cfc thus no longer need access to the ColdFusion
                    Administrator to make them.

                    • 7. Re: session scope issue.
                      CFmonger Level 1
                      I didn't know I could map things out in cf 8. I did it slightly in my application file. I will go read up on mapping in the cfc after I get this fixed.

                      I ran the cfdump. I got this:


                      auth = Fname, ID and IsLoggedin (they all had my info in them)
                      cfid 34107214
                      cftoken 98569261

                      cont query RESULTSET query

                      created {ts '2009-03-30 18:34:32'}
                      sessionid Mycompany_34107214_98569261
                      times_logged_on 1
                      urltoken CFID=34107214&CFTOKEN=98569261

                      those are all that came back. So those are the ones defined?

                      • 8. Re: session scope issue.
                        CFmonger Level 1
                        I have it working now after doing the cfdump. I do have a question. Am I only allowed to carry 3 session variables in the struct area? It is only allowing me to use 3 session.auth.blablabla

                        Is this a hosting setting? Or are these the only ones I am allowed to use, and to use more, I need to make a new struct?
                        • 9. Re: session scope issue.
                          Level 7
                          my slightly (or, rather, highly) beer-infused guess would be that many
                          of your troubles have to do with this line in your onSessionStart() method:

                          <cfif IsValidUser.recordcount eq 1>


                          Azadi Saryev
                          Sabai-dee.com
                          http://www.sabai-dee.com/
                          • 10. Re: session scope issue.
                            CFmonger Level 1
                            What would change that to?

                            <cfif IsValidUser.recordcount eq 1>

                            RE: my slightly (or, rather, highly) beer-infused guess
                            Beer?? What kind? :)