Copy link to clipboard
Copied
I am having issues with Session variables since I am not able to set a session variable. My company Intranet page checks for a session variable and then allows users to login. Please if any one can help me with code or guide what I am doing wrong.
I have tried updating session variable in application.cfm but so far no luck..
Auth.cfm
<cfapplication name="LID"
ClientManagement="No"
SessionManagement="Yes"
SessionTimeout="#CreateTimeSpan(0,0,30,0)#"
SetClientCookies="No">
<cflock scope="session" timeout="30" type="ReadOnly">
<cfset Session.LID="#cflogin.name#">
</cflock>
<cfset Session.USERID= "Request.ses.LID"> ( Session.USERID is set to check user and allow their access)
Copy link to clipboard
Copied
Do all session variables fail or just certain one(s)?
Copy link to clipboard
Copied
Hello Ian,
I am currently using only one session variable and CF Admin session settings are enabled.I am not sure why my session variable are not retaining any value. I have tried to output a session.USERID value and it shows me desired result but seems like it is not passing on value of Session.USERID to Authentication page.
Please if you can suggest me how to pass session values from one page to another, or if I have a mistake on sessioin variable syntax.
Copy link to clipboard
Copied
Add <cfdump var="#session#"> to your code.
Run your applicaiton several times.
Pay close attention to the session.cfid and session.cftoken OR session.jsessionid values (depends on how you have session state set up.)
If these values change with every request, your browser is not accepting and returning the cookies that ColdFusion tries to use to maintain session state. Without these cookies, ColdFusion can not know that a new reqeust is part of a session started with an earlier request.
Message was edited by: Ian Skinner<br/> I see on your other thread that someone noticed that you have "setClientCookies=false" which means these cookies are not even being sent to the browser. That is your problem.
Copy link to clipboard
Copied
Hello Ian,
I am attaching my codes and this time I defined my session in Application.cfm , please let me know If I am missing any thing. I have also used Cfdump and it shows me these values (ss=username ).
LOGIN <
struct | |
---|---|
lid | ss |
sessionid | d230101890a1be202faf742347547313157b |
urltoken | CFID=2115&CFTOKEN=15514850&jsessionid=d230101890a1be202faf742347547313157b |
userid | ss |
So I am able to get loginId info into "lid" so it should assign values into Session.USERID in Security.cfm. I can use session.sessionID if it is easy to get values. Please review and suggest me something since I am new at CF and trying not to spend too much time on sessions.
My Application.cfm looks like this:
<CFAPPLICATION NAME="WebReports"
SESSIONTIMEOUT=#CreateTimeSpan(0, 0, 600, 0)#
SESSIONMANAGEMENT="yes"
ClientManagement="Yes"
SetClientCookies="No">
<CFIF IsDefined("session.USERID") EQ FALSE>
<CFSET session.USERID="">
</CFIF>
<CFIF IsDefined("Session.LID") EQ FALSE>
<CFSET Session.LID="">
</CFIF>
And Security.cfm
<CFLOCK SCOPE="session" TIMEOUT="30" TYPE="Exclusive">
<CFSET session.USERID="#Session.LID#">
</CFLOCK>
Login.cfm
<cflock scope="session" timeout="30" type="ReadOnly">
<cfset Session.LID="#Form.j_username#">(Login name should be assinged to Session so that security.cfm passes and allows me to login to webreports)
<cfset Session.USERID= "#Session.LID#">
<cfdump var="#session#" >
</cflock>
Copy link to clipboard
Copied
Please pay attention to the response that were given to you
(especially mine about SetClientCookies="No" and Ian's about making
sure the CFID and CFTOKEN values stay the same as you navigate from
page to page in your application). If you're not familiar with how
sessions and cookies interact please read "Managing the client state"
in the CF dev guide :
http://livedocs.adobe.com/coldfusion/8/htmldocs/sharedVars_03.html .
Regarding your "I did not use CFID and CFTOKEN any where in my
coding": combined that with SetClientCookies="No" and you have a
problem. The link that above offers an introduction on sessions from a
CF point of view.
Mack
Copy link to clipboard
Copied
One thing that I've found useful to do in my apps (corny though it may sound) is to define a variable "Session.exists = 'yes'."
Then, at the top of all of the relevant pages, I check (using StructKeyExists) to make sure that the Session object has an "exists" member. If it does not, then I know that either the session has not been started, or it has expired. And I redirect the user someplace to handle it.
That "someplace" is a cfm that the user ordinarily would never see. And before I go there, I set another dummy value (say, "Session.foo") in some session-variable. Thus, when we arrive at that "someplace":
All of this can be neatly handled in the boilerplate ("write it and fuhgeddaboudit") prologue of every-page, i.e. a cfincluded member.
(Nope, I don't have code to post.)