Session variable assingment issue

Report · Jun 16, 2009

I am having issues with Session variables since I am not able to set a session variable. My company Intranet page checks for a session variable and then allows users to login. Please if any one can help me with code or guide what I am doing wrong.

I have tried updating session variable in application.cfm but so far no luck..

Auth.cfm

<cfapplication name="LID"

ClientManagement="No"

SessionManagement="Yes"

SessionTimeout="#CreateTimeSpan(0,0,30,0)#"

SetClientCookies="No">

</cflock>

<cfset Session.USERID= "Request.ses.LID"> ( Session.USERID is set to check user and allow their access)

Report · Jun 16, 2009

Do all session variables fail or just certain one(s)?

Session state can be dissabled in the ColdFusion administrator, that would affect all variables on the entire site.

Report · Jun 16, 2009

Hello Ian,

I am currently using only one session variable and CF Admin session settings are enabled.I am not sure why my session variable are not retaining any value. I have tried to output a session.USERID value and it shows me desired result but seems like it is not passing on value of Session.USERID to Authentication page.

Please if you can suggest me how to pass session values from one page to another, or if I have a mistake on sessioin variable syntax.

Report · Jun 17, 2009

Add <cfdump var="#session#"> to your code.

Run your applicaiton several times.

Pay close attention to the session.cfid and session.cftoken OR session.jsessionid values (depends on how you have session state set up.)

If these values change with every request, your browser is not accepting and returning the cookies that ColdFusion tries to use to maintain session state. Without these cookies, ColdFusion can not know that a new reqeust is part of a session started with an earlier request.

Message was edited by: Ian Skinner<br/> I see on your other thread that someone noticed that you have "setClientCookies=false" which means these cookies are not even being sent to the browser. That is your problem.

Report · Jun 17, 2009

Hello Ian,

I am attaching my codes and this time I defined my session in Application.cfm , please let me know If I am missing any thing. I have also used Cfdump and it shows me these values (ss=username ).

LOGIN <

struct
lid	ss
sessionid	d230101890a1be202faf742347547313157b
urltoken	CFID=2115&CFTOKEN=15514850&jsessionid=d230101890a1be202faf742347547313157b
userid	ss

So I am able to get loginId info into "lid" so it should assign values into Session.USERID in Security.cfm. I can use session.sessionID if it is easy to get values. Please review and suggest me something since I am new at CF and trying not to spend too much time on sessions.

My Application.cfm looks like this:

<CFAPPLICATION NAME="WebReports"
SESSIONTIMEOUT=#CreateTimeSpan(0, 0, 600, 0)#
SESSIONMANAGEMENT="yes"

ClientManagement="Yes"

SetClientCookies="No">

And Security.cfm

Login.cfm

<cflock scope="session" timeout="30" type="ReadOnly">
        <cfset Session.LID="#Form.j_username#">(Login name should be assinged to Session so that security.cfm passes and allows me to login to webreports)
        <cfset Session.USERID= "#Session.LID#">
        <cfdump var="#session#" >

</cflock>

Report · Jun 17, 2009

Please pay attention to the response that were given to you

(especially mine about SetClientCookies="No" and Ian's about making

sure the CFID and CFTOKEN values stay the same as you navigate from

page to page in your application). If you're not familiar with how

sessions and cookies interact please read "Managing the client state"

in the CF dev guide :

http://livedocs.adobe.com/coldfusion/8/htmldocs/sharedVars_03.html .

Regarding your "I did not use CFID and CFTOKEN any where in my

coding": combined that with SetClientCookies="No" and you have a

problem. The link that above offers an introduction on sessions from a

CF point of view.

Mack

Report · Jun 22, 2009

One thing that I've found useful to do in my apps (corny though it may sound) is to define a variable "Session.exists = 'yes'."

Then, at the top of all of the relevant pages, I check (using StructKeyExists) to make sure that the Session object has an "exists" member. If it does not, then I know that either the session has not been started, or it has expired. And I redirect the user someplace to handle it.

That "someplace" is a cfm that the user ordinarily would never see. And before I go there, I set another dummy value (say, "Session.foo") in some session-variable. Thus, when we arrive at that "someplace":

If we are here, then it's because the session expired or could not be established.
If we are here, and Session.foo does exist, then it was an ordinary timeout. We delete the Session.foo variable, then redirect to a login screen with an appropriate message.
If we are here, but Session.foo does not exist, then there's something wrong with session-management on the client computer and we redirect with a "cookies are required" message.

All of this can be neatly handled in the boilerplate ("write it and fuhgeddaboudit") prologue of every-page, i.e. a cfincluded member.

(Nope, I don't have code to post.)

Adobe Community

Session variable assingment issue