Do all session variables fail or just certain one(s)?Session state can be dissabled in the ColdFusion administrator, that would affect all variables on the entire site.
I am currently using only one session variable and CF Admin session settings are enabled.I am not sure why my session variable are not retaining any value. I have tried to output a session.USERID value and it shows me desired result but seems like it is not passing on value of Session.USERID to Authentication page.
Please if you can suggest me how to pass session values from one page to another, or if I have a mistake on sessioin variable syntax.
Add <cfdump var="#session#"> to your code.
Run your applicaiton several times.
Pay close attention to the session.cfid and session.cftoken OR session.jsessionid values (depends on how you have session state set up.)
If these values change with every request, your browser is not accepting and returning the cookies that ColdFusion tries to use to maintain session state. Without these cookies, ColdFusion can not know that a new reqeust is part of a session started with an earlier request.
Message was edited by: Ian Skinner<br/> I see on your other thread that someone noticed that you have "setClientCookies=false" which means these cookies are not even being sent to the browser. That is your problem.
I am attaching my codes and this time I defined my session in Application.cfm , please let me know If I am missing any thing. I have also used Cfdump and it shows me these values (ss=username ).
struct lid ss sessionid d230101890a1be202faf742347547313157b urltoken CFID=2115&CFTOKEN=15514850&jsessionid=d230101890a1be202faf742347547313157b userid ss
So I am able to get loginId info into "lid" so it should assign values into Session.USERID in Security.cfm. I can use session.sessionID if it is easy to get values. Please review and suggest me something since I am new at CF and trying not to spend too much time on sessions.
My Application.cfm looks like this:
SESSIONTIMEOUT=#CreateTimeSpan(0, 0, 600, 0)#
<CFIF IsDefined("session.USERID") EQ FALSE>
<CFIF IsDefined("Session.LID") EQ FALSE>
<CFLOCK SCOPE="session" TIMEOUT="30" TYPE="Exclusive">
<cflock scope="session" timeout="30" type="ReadOnly">
<cfset Session.LID="#Form.j_username#">(Login name should be assinged to Session so that security.cfm passes and allows me to login to webreports)
<cfset Session.USERID= "#Session.LID#">
<cfdump var="#session#" >
Please pay attention to the response that were given to you
(especially mine about SetClientCookies="No" and Ian's about making
sure the CFID and CFTOKEN values stay the same as you navigate from
page to page in your application). If you're not familiar with how
sessions and cookies interact please read "Managing the client state"
in the CF dev guide :
Regarding your "I did not use CFID and CFTOKEN any where in my
coding": combined that with SetClientCookies="No" and you have a
problem. The link that above offers an introduction on sessions from a
CF point of view.
One thing that I've found useful to do in my apps (corny though it may sound) is to define a variable "Session.exists = 'yes'."
Then, at the top of all of the relevant pages, I check (using StructKeyExists) to make sure that the Session object has an "exists" member. If it does not, then I know that either the session has not been started, or it has expired. And I redirect the user someplace to handle it.
That "someplace" is a cfm that the user ordinarily would never see. And before I go there, I set another dummy value (say, "Session.foo") in some session-variable. Thus, when we arrive at that "someplace":
- If we are here, then it's because the session expired or could not be established.
- If we are here, and Session.foo does exist, then it was an ordinary timeout. We delete the Session.foo variable, then redirect to a login screen with an appropriate message.
- If we are here, but Session.foo does not exist, then there's something wrong with session-management on the client computer and we redirect with a "cookies are required" message.
All of this can be neatly handled in the boilerplate ("write it and fuhgeddaboudit") prologue of every-page, i.e. a cfincluded member.
(Nope, I don't have code to post.)