3 Replies Latest reply on Sep 26, 2017 1:20 PM by BKBK

    Session variable problems

    bkmzb93163622 Level 1

      CFBuilder admin storage
      15cdb5dcb6.jpg

      Application.cfm

      34ed7586e1.jpg

      Login,cfm

      392afe95fd.jpg

      part of page when i want to use login including.

      49bc67a960.jpg

       

      Hello everyone, please help me understand these sessions' behavior.
      The whole problem consists in attempting to pass variables from one page to another.
      So after login i don't see the session.user in session struct.
      How can i pass this?

      Have already tried different browsers.

        • 1. Re: Session variable problems
          haxtbh Level 4

          You are setting session timeout in the application to 10 seconds. It will time out after this amount of time, which is probably around the time you take to navigate after signing in.

          • 2. Re: Session variable problems
            bkmzb93163622 Level 1

            It is just a tryings to prevent this misunderstandable actions. Previously it was 20 minuts. All in all it works , but nothing was changed in passing the variables betwenn page, There are no variable " Session.user "

            • 3. Re: Session variable problems
              BKBK Adobe Community Professional & MVP

              I see no need for the following code:

               

              <cfif structkeyexists(session, "loggedIn")>

                  <cfset session.loggedIn = "yes">

              <cfelse>

                  <cfset session.loggedIn = "no">

              </cfif>

               

              In fact, there might a problem with the design. When the user comes in at the start, structkeyexists(session, "loggedIn") is No. This code sets session.loggedIn to No. But by doing so, the code makes structkeyexists(session, "loggedIn") to become true. And, because structkeyexists(session, "loggedIn") is true at the next request, session.loggedIn will be Yes! In this way, the user goes from no defined session to a logged-in session without having filled the login form.

               

              I would delete this code. I would then change the logic for showing the form to:

               

              <cfif structkeyexists(session, "loggedIn") is "no" or session.loggedIn is "no">

                  <cfinclude template="login.cfm">

              </cfif>

               

              On a different note, tighten your security with:

                  WHERE login=<cfqueryparam value="#form.login#" cfsqltype="CF_SQL_VARCHAR">