6 Replies Latest reply on Jun 22, 2009 8:03 AM by TLC-IT

    Session variable assingment issue


      I am having issues with Session variables since I am not able to set a session variable. My company Intranet page checks for a session variable and then allows users to login. Please if any one can help me with code or guide what I am doing wrong.


      I have tried updating session variable in application.cfm but so far no luck..




      <cfapplication name="LID"







      <cflock scope="session" timeout="30" type="ReadOnly">

              <cfset Session.LID="#cflogin.name#">



                              <cfset Session.USERID= "Request.ses.LID"> ( Session.USERID is set to check user and allow their access)



        • 1. Re: Session variable assingment issue
          ilssac Level 5

          Do all session variables fail or just certain one(s)?


          Session state can be dissabled in the ColdFusion administrator, that would affect all variables on the entire site.

          • 2. Re: Session variable assingment issue
            shujaatsyed7 Level 1

            Hello Ian,


            I am currently using only one session variable and CF Admin session settings are enabled.I am not sure why my session variable are not retaining any value. I have tried to output a session.USERID value and it shows me desired result but seems like it is not passing on value of Session.USERID to Authentication page.


            Please if you can suggest me how to pass session values from one page to another, or if I have a mistake on sessioin variable syntax.   

            • 3. Re: Session variable assingment issue
              ilssac Level 5

              Add <cfdump var="#session#"> to your code.


              Run your applicaiton several times.


              Pay close attention to the session.cfid and session.cftoken OR session.jsessionid values (depends on how you have session state set up.)


              If these values change with every request, your browser is not accepting and returning the cookies that ColdFusion tries to use to maintain session state.  Without these cookies, ColdFusion can not know that a new reqeust is part of a session started with an earlier request.


              Message was edited by: Ian Skinner<br/> I see on your other thread that someone noticed that you have "setClientCookies=false" which means these cookies are not even being sent to the browser.  That is your problem.

              • 4. Re: Session variable assingment issue
                shujaatsyed7 Level 1

                Hello Ian,


                  I am attaching my codes and this time I defined my session in Application.cfm , please let me know If I am missing any thing. I have also used Cfdump and it shows me these values (ss=username ).


                LOGIN <



                So I am able to get loginId info into "lid" so it should assign values into Session.USERID in Security.cfm. I can use session.sessionID if it is easy to get values. Please review and suggest me something since I am new at CF and trying not to spend too much time on sessions.



                My Application.cfm looks like this:



                <CFAPPLICATION  NAME="WebReports"
                  SESSIONTIMEOUT=#CreateTimeSpan(0, 0, 600, 0)#




                <CFIF IsDefined("session.USERID") EQ FALSE>
                  <CFSET session.USERID="">


                <CFIF IsDefined("Session.LID") EQ FALSE>
                  <CFSET Session.LID="">

                And Security.cfm


                <CFLOCK SCOPE="session" TIMEOUT="30" TYPE="Exclusive">
                <CFSET session.USERID="#Session.LID#">



                <cflock scope="session" timeout="30" type="ReadOnly">
                        <cfset Session.LID="#Form.j_username#">(Login name should be assinged to Session so that security.cfm passes and allows me to login to webreports)
                        <cfset Session.USERID= "#Session.LID#">
                        <cfdump var="#session#" >


                • 5. Re: Session variable assingment issue
                  mack_ Level 3

                  Please pay attention to the response that were given to you

                  (especially mine about SetClientCookies="No" and Ian's about making

                  sure the CFID and CFTOKEN values stay the same as you navigate from

                  page to page in your application). If you're not familiar with how

                  sessions and cookies interact please read "Managing the client state"

                  in the CF dev guide :

                  http://livedocs.adobe.com/coldfusion/8/htmldocs/sharedVars_03.html .


                  Regarding your "I did not use CFID and CFTOKEN any where in my

                  coding": combined that with SetClientCookies="No" and you have a

                  problem. The link that above offers an introduction on sessions from a

                  CF point of view.



                  • 6. Re: Session variable assingment issue
                    TLC-IT Level 3

                    One thing that I've found useful to do in my apps (corny though it may sound) is to define a variable "Session.exists = 'yes'."


                    Then, at the top of all of the relevant pages, I check (using StructKeyExists) to make sure that the Session object has an "exists" member.  If it does not, then I know that either the session has not been started, or it has expired.  And I redirect the user someplace to handle it.


                    That "someplace" is a cfm that the user ordinarily would never see.  And before I go there, I set another dummy value (say, "Session.foo") in some session-variable.  Thus, when we arrive at that "someplace":

                    1. If we are here, then it's because the session expired or could not be established.
                    2. If we are here, and Session.foo does exist, then it was an ordinary timeout.  We delete the Session.foo variable, then redirect to a login screen with an appropriate message.
                    3. If we are here, but Session.foo does not exist, then there's something wrong with session-management on the client computer and we redirect with a "cookies are required" message.


                    All of this can be neatly handled in the boilerplate ("write it and fuhgeddaboudit") prologue of every-page, i.e. a cfincluded member.


                    (Nope, I don't have code to post.)