Session variable is lost
I have developed a system and it had been used for 6 month
already, it started had problem last week, user can log in system ,
but after they click the each menu tab, the system give message
"please login system" because the session variable is lost.
I tried to debug the file and find that the session.userID is
there in the file where I set it, but it become empty in other
page.
The weird thing is that it did not happen to everyone, most
of user don't have problem, only a few user login and the session
variable is lost after they move from login page to different page,
when I did cfdump to output all session varibale, I found that
seesionid changed from page to page for those user who had problem,
the user who had problem now did not had problem before and I did
not change any code, I tried the internet setting which still did
not fix problem.
I am wondering whether it is related to cold fusion server
setting.
Please give some advice.
A good place to ask questions and advice about web development is at the mozillaZine Web Development/Standards Evangelism forum.<br />
The helpers at that forum are more knowledgeable about web development issues.<br />
You need to register at the mozillaZine forum site in order to post at that forum.<br />
See http://forums.mozillazine.org/viewforum.php?f=25
Similar Messages
-
Session variables being lost in IE7
has anyone else experienced, heard of, or solved this issue?
I have a web app thats been running fine for 5+ years and using session variables (i'm currently using CF8).
When a user goes from page to page the session is carried with them so i know their login info. However, recently some users (and not all) have complained that after logging in fine (meaning the sessions variables are created) and go to another page off of the main one only to get a timeout issue. I've compared everything from IE settings to server settings, etc. but found no differences. It's like once they navigate to another page in the app the sessions are not carried to the next page.
My timeout code is written so that if the session variables that are created at login are not present the message will show.
Some users had to revert back to IE6 and it worked fine. Is there something they did wrong with ther IE update or is there some sort of server hot fix for this?
Hope someone can help... i'm baffled.That forum you posted is definitely my issue! However it still is unresolved and the users have yet to pinpoint the cause (just like me). I too firmly believe its due to an IE7 upgrade b/c that is when this happens.
I've checked out the user cookies. I used this script and put it on my server and had the user try it:
http://www.bennadel.com/blog/730-Testing-ColdFusion-Session-Cookie-Acceptance.htm
The cookies are passing over to the next pages fine (this script showed a success on the user machines). But ye the sessions are lost in my app. the CFID and CFTOKEN are changing when the user clicks to go to another page after login.
In fact I have the CF8 server monitor up and running and when someone logs in I can see the their session info under the MEMORY USAGE --> Sessions by memory usage.
I'm finding that users with this issue can log in fine but the session never gets registered with the server?!? Their CFID and CFTOKEN is not showing as an active session and when they click to another page their CFID is always different than their original?
Any thoughts? -
Session variable being lost between parent and include file
I am running into the following scenario: Page 1 includes page 2, on both pages a session variable is returned to the screen. On occasions, page 2 throws an error on the session variable even though it was successfully called on page 1.
It only happens occassionally, and is very difficult to recreate in order to debug it in realtime. Has anyone run into something like this before? Thanks!semi star gazer wrote:
I am running into the following scenario: Page 1 includes page 2, on both pages a session variable is returned to the screen. On occasions, page 2 throws an error on the session variable even though it was successfully called on page 1.
It only happens occassionally, and is very difficult to recreate in order to debug it in realtime. Has anyone run into something like this before? Thanks!
I suspect it has less to do with page-inclusion, more to do with the code on page 2. Suppose, instead of using cfinclude, you had copied the code from page 2 into page 1, and made 1 page of it. Then the error would still have occurred. That's at least my theory.
Have a look at how the code in page 2 handles the session. There is bound to be something not quite right about it. What kind of error do you get anyway?
Runtime debugging can be as simple as this:
<cftry>
<cfinclude template="page2.cfm">
<cfcatch type="any">
<cfdump var="#cfcatch#"><cfabort>
</cfcatch>
<cftry> -
In my onApplicationStart method (which should tell you I'm
using an Application.cfC, not cfM), I have a cfif loop that passes
a value to a custom tag and returns a form variable. I'm then
reassigning that variable to a session variable. In IE, this works
just fine; in Firefox, though, the session variable is NOT being
set.
What might be causing this, and is there a workaround?The issue referred to an external CF custom tag, which called
another demo application to set a testing user. However, after
further testing, I realize that demo app won't function properly
with this application, so I've removed it.
Authentication is being set by an LDAP query; this
application that I am working on is going to be a sub-application
of a larger application, and the authenticated user is being set as
a session variable as well (I think...). However, I'm creating a
new session variable for this application, and simply passing the
authenticated user into my app (the outer app uses the variable
auth_user; I'm using the variable authuser, so there is no name
conflict).
Again, it is IE that is not persisting the session. Firefox
is doing so. I have looked in the advanced settings for IE, and
there is nothing about persisting session variables to check or
uncheck. Also, this application will probably be used mostly by
users using IE 6 with default settings, so I'm going to need to
find a workaround for IE.
Your help is most appreciated. -
Coldfusion session variables being lost
ok so when my users login I establish session variables. one of these is employee id. in my Application.cfc I have this at the top:
<cfscript>
this.name = "My App";
this.sessiontimeout=CreateTimeSpan("0", "0", "45", "0");
this.SESSIONMANAGEMENT="YES";
this.SetClientCookies = "true";
this.setDomainCookies = "true";
</cfscript>
i also set the timeout for sessions at 45 in the CFadmin too.
after a successfull login i capture their session.employeenumber by authenticating through our corporate LDAP. no problem there. note: this app has run smoothly for 6+ years now but something has recently gone wrong.
on every page i reference a file in my application directory called "check_session.cfm" like this:
<cfmodule template="/myApp/Tags/check_session.cfm">
In that file I have code that checks for the existence of the session.employee_number. if it doesn't exist they either timed out or book-marked a page in the app in which they need to be logged in to view:
<cflock timeout="30" throwontimeout="Yes" type="READONLY" scope="SESSION">
<!--- Checks to make sure the user has a session--->
<CFIF NOT IsDefined("Session.employee_number")>
<CFLOCATION URL="http://#cgi.HTTP_HOST#/myApp/LoginAgain.cfm">
</CFIF>
</cflock>
every now and then (i'd say on average 5 times per week) i get an error message from a user (i re-direct all errors to my email with diagnostic info). the error reads "Element EMPLOYEE_NUMBER is undefined in SESSION". when i look at the page the error came from i see my call to the check_session.cfm file about 50 lines above where this error happened when i tried to reference session.employee_number. why wouldn't it not find it and re-direct the user to the timeout page? i can never duplicate this error on my machine either... i always get the right result without the error message. its a random, sporadic, intermittent error.Here is the diagnostic error information. Where you see [omitted] i've changed the URL for the purposes of displaying this detail in a public forum:
struct
Browser
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E; MS-RTC LM 8)
DateTime
{ts '2011-02-21 20:59:21'}
Diagnostics
Element EMPLOYEENUMBER is undefined in SESSION. <br>The error occurred on line 162.
GeneratedContent
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <!-- DW6 --> <head> <!-- Copyright 2005 Macromedia, Inc. All rights reserved. --> <title>My Home</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" href="mm_training.css" type="text/css" /> <link rel="stylesheet" type="text/css" href="../template/organized.css"> </head> <body bgcolor="#ffffff" onLoad="onInit()">
HTTPReferer
http://[omitted]/mypage/myhome.cfm?CFID=101686&CFTOKEN=53097237
Mailto
[empty string]
Message
Element EMPLOYEENUMBER is undefined in SESSION.
QueryString
[empty string]
RemoteAddress
10.x.x.x [remote address omitted for purposes of this forum]
RootCause
struct
Detail
[empty string]
ErrNumber
0
Message
Element EMPLOYEENUMBER is undefined in SESSION.
Resolvedname
SESSION
StackTrace
coldfusion.runtime.UndefinedElementException: Element EMPLOYEENUMBER is undefined in SESSION. at coldfusion.runtime.CfJspPage.resolveCanonicalName(CfJspPage.java:1659) at coldfusion.runtime.CfJspPage._resolve(CfJspPage.java:1612) at coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1747) at coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1740) at cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162) at cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:273) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.CfmServlet.service(CfmServlet.java:175) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 ) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
TagContext
array
1
struct
COLUMN
0
ID
LINE
162
RAW_TRACE
at cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)
TEMPLATE
D:\[path_omitted]\mypage\myhome.cfm
TYPE
CFML
2
struct
COLUMN
0
ID
CF_MYHOME
LINE
1
RAW_TRACE
at cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)
TEMPLATE
D:\[path_omitted]\mypage\myhome.cfm
TYPE
CFML
Type
Expression
element
EMPLOYEENUMBER
objectType
object of java.lang.Class
Class Name
java.lang.Class
Methods
Method
Return Type
asSubclass(java.lang.Class)
java.lang.Class
cast(java.lang.Object)
java.lang.Object
desiredAssertionStatus()
boolean
forName(java.lang.String, boolean, java.lang.ClassLoader)
java.lang.Class
forName(java.lang.String)
java.lang.Class
getAnnotation(java.lang.Class)
java.lang.annotation.Annotation
getAnnotations()
java.lang.annotation.Annotation[]
getCanonicalName()
java.lang.String
getClassLoader()
java.lang.ClassLoader
getClasses()
java.lang.Class[]
getComponentType()
java.lang.Class
getConstructor(java.lang.Class[])
java.lang.reflect.Constructor
getConstructors()
java.lang.reflect.Constructor[]
getDeclaredAnnotations()
java.lang.annotation.Annotation[]
getDeclaredClasses()
java.lang.Class[]
getDeclaredConstructor(java.lang.Class[])
java.lang.reflect.Constructor
getDeclaredConstructors()
java.lang.reflect.Constructor[]
getDeclaredField(java.lang.String)
java.lang.reflect.Field
getDeclaredFields()
java.lang.reflect.Field[]
getDeclaredMethod(java.lang.String, java.lang.Class[])
java.lang.reflect.Method
getDeclaredMethods()
java.lang.reflect.Method[]
getDeclaringClass()
java.lang.Class
getEnclosingClass()
java.lang.Class
getEnclosingConstructor()
java.lang.reflect.Constructor
getEnclosingMethod()
java.lang.reflect.Method
getEnumConstants()
java.lang.Object[]
getField(java.lang.String)
java.lang.reflect.Field
getFields()
java.lang.reflect.Field[]
getGenericInterfaces()
java.lang.reflect.Type[]
getGenericSuperclass()
java.lang.reflect.Type
getInterfaces()
java.lang.Class[]
getMethod(java.lang.String, java.lang.Class[])
java.lang.reflect.Method
getMethods()
java.lang.reflect.Method[]
getModifiers()
int
getName()
java.lang.String
getPackage()
java.lang.Package
getProtectionDomain()
java.security.ProtectionDomain
getResource(java.lang.String)
java.net.URL
getResourceAsStream(java.lang.String)
java.io.InputStream
getSigners()
java.lang.Object[]
getSimpleName()
java.lang.String
getSuperclass()
java.lang.Class
getTypeParameters()
java.lang.reflect.TypeVariable[]
isAnnotation()
boolean
isAnnotationPresent(java.lang.Class)
boolean
isAnonymousClass()
boolean
isArray()
boolean
isAssignableFrom(java.lang.Class)
boolean
isEnum()
boolean
isInstance(java.lang.Object)
boolean
isInterface()
boolean
isLocalClass()
boolean
isMemberClass()
boolean
isPrimitive()
boolean
isSynthetic()
boolean
newInstance()
java.lang.Object
toString()
java.lang.String
StackTrace
coldfusion.runtime.UndefinedElementException: Element EMPLOYEENUMBER is undefined in SESSION. at coldfusion.runtime.CfJspPage.resolveCanonicalName(CfJspPage.java:1659) at coldfusion.runtime.CfJspPage._resolve(CfJspPage.java:1612) at coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1747) at coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1740) at cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162) at cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:273) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.CfmServlet.service(CfmServlet.java:175) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 ) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
TagContext
array
1
struct
COLUMN
0
ID
LINE
162
RAW_TRACE
at cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)
TEMPLATE
D:\[path_omitted]\mypage\myhome.cfm
TYPE
CFML
2
struct
COLUMN
0
ID
CF_MYHOME
LINE
1
RAW_TRACE
at cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)
TEMPLATE
D:\[path_omitted]\mypage\myhome.cfm
TYPE
CFML
Template
/[omitted]/mypage/myhome.cfm
Type
coldfusion.runtime.CfErrorWrapper -
Session Variables Randomly Lost between Pages
My web page uses a session to keep track of who logged in.
What I noticed is that the session variables stored appears and
disappears randomly on different pages. The wierd thing is that my
code is very simple.
For the life of me I can not figure this out....I go through a hosting company and do not expect them to do
any load balancing.
What are sticky sessions?
The cflocation tag also has the addtoken="yes" to it now and
symptoms persist.
I tested the case with
sessiontimeout=#CreateTimeSpan(0,2,0,0)# instead of the
sessiontimeout=#CreateTimeSpan(0,0,120,0)# and symptoms still
persist.
Any other suggestions? I think I ran into a wall
here.... -
Printing a Web Report Using Firefox Results in Lost Session Variables
Post Author: AVXFlyer
CA Forum: .NET
I'm having a problem with Firefox users printing a Crystal Report from a web site.
The first page of the web site collects information to be used in the report generation, for example, start date, end date, type of report etc. These are all various text boxes, drop down lists, radio buttons and check boxes. When the user clicks to show the report, everything works fine and the first page of the report will display. The code behind this page takes care of saving al the session variables into hidden fields on the page so the settings will be accessible when the user clicks to view the next page of the report.
On clicking to view the next page of the report, everything is still fine and the process works beautifully and I've had no problems.
A new problem has surfaced during the printing of these reports. Users who use IE6.0 or IE 7.0 do not have a problem, however, users who use Firefox do have a problem.
It seems that the print dialog which appears as part of the the Crystal web control manages to 'lose" the variables which were present on the calling page. It only does this with the Firefox browser. Calls on postback to retrieve the variables from the hidden fields result in 0's or empty strings ("").
Protected Sub Page_Init(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Init .... .... If Me.IsPostBack = False Then ... ... strDiscontinuedOnly = Request.Form.Item("ddlInvStatus") If strDiscontinuedOnly = Nothing Then isDiscontinuedOnly = False Else Select Case strDiscontinuedOnly Case 0 'All Inventory isDiscontinuedOnly = False Case 1 'Discontinued Inventory isDiscontinuedOnly = True Case 2 'Active Inventory isDiscontinuedOnly = False End Select End If Else 'Postback is true intRequestedReport = Request.Form.Item("fldReportID") strDiscontinuedOnly = Request.Form.Item("fldInvDiscItemsOnly") isDiscontinuedOnly = Request.Form.Item("fldInvDiscItemsOnly") ... ... end ifCan't explain it, but here are a few tests;
1) Try to print a saved data report
2) Try to print a report that is not using parameters
3) Try a different printer driver as "default"
4) Enable the option "Dissociate Formatting Page Size and Printer Paper Size" on the report
5) What format do you export to?
Ludek
Follow us on Twitter http://twitter.com/SAPCRNetSup
Got Enhancement ideas? Try the [SAP Idea Place|https://ideas.sap.com/community/products_and_solutions/crystalreports] -
Hi all,
I'm running a site that requires user login. I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
However, I guess I never learned the correct way to handle a user login. It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number. Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
<cfset This.Sessionmanagement=true>
<cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
<cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
<cflocation url="../index.cfm" addtoken="no">
</cfif>
...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID. If not, all session variables are cleared and it bounces you back to the login page. When the user clicks Logout, all I do is delete all the session variables.
This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity. You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application). I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
SO: any reason you can think of why session variables would be spontaneously clearing for some people? Would having your router reset its IP address invalidate the session or something? Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
And on a more general note... did I go about this completely the wrong way to begin with? If so, what's the standard way to manage a login?
Lots of questions, I know... thanks very much for any answers or suggestions!
JoeIan,
Thanks very much - very helpful information.
Sounds like passing the tokens in every request is probably the way to go for this. I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
Is that all I would have to do, is add the tokens to every path? Would that guarantee that all the session variables would remain valid until timeout or being cleared?
Again, thanks, you've been really helpful.
Joe
On Jun 23, 2010 4:37 PM, Ian Skinner <[email protected]> wrote:
Unfortunately this is the nature of HTTP web applications. There is NO state maintained from HTTP request to request. This is by design in the HTTP protocol specifications.
ColdFusion provides two methods to circumvent this limitation. Each method has limitations and caveats. They both rely on the passing of tokens between the client and the server with every request. These tokens can be passed as cookies OR URL (GET) variables. You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method. If something happens to the cookies the session can be lost.
You could pass the (CFID & CFTOKEN) OR JESSIONID tokens through the URL query string with every request. This requires one to add these values to every link, form action, cflocation or other request path in our application. ColdFusion provides the session.urltoken variable to make this easier to do. The tokens will be visible to the user. Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case). Then that user will access the session of the original user.
Cookie session management is by far the most common choice by CF developers. If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications. One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server. Thus not suffer the stateless nature of the normal HTTP request-response cycle.
I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated. But I would not think it is beyond the relm of possibilities. -
I've been having this problem for a long time so I thought
I'd post again and maybe get a hit this time.
We run off windows cfmx 7.x now fully patched, prior to that
we were on cfmx 6.x. We use session management only. Many times on
a new page hit the user loses about half of their session variables
up to all of them. Typically we have them test on the same machine
using different browsers. 99% of the time switching from IE to
firefox solves the problem, most of the users have had IE 6.x.
I experienced this problem myself for about 4 months time and
I could reproduce it daily when neccessary by simply opening a new
window to our application and the session information would persist
to the new window but the parent window would receive a new cfid
and lose all session information. New windows aren't the only
issue, we see a lot of lost session variables in one click, same
window, functionality. I've had hooks in place to test if the
domain was different on page hits removing the www or something but
so far have not found anything there. Each time a new CFID is being
issued and they are losing the original. We attempted to put CFID's
in the URL at all times but that leads to other issues and didn't
solve the problem for us anyhow.
This has been a serious issue for awhile and browsing these
forums I see others are experiencing it to some extent too. I'm
wondiner if anyone has any tips or can confirm the CF Admin/app.cfc
setup you use if you're not seeing any problems like this.right... response.sendRedirect(). sendRedirect works by sending a repsonse to the browser with a location header. The browser sees that header and makes a new, separate request to the new location. It's no different then typing the location in the location bar in the browser or clicking a link.
But that doesn't matter. If you have 2 web applications (aka 2 servlet contexts) on the server, they are not going to share sessions between them. So the first page is working off one session in one context with some ID. Then the redirect sends it to another page in a different context. That session ID is not valid in that 2nd context, so a new session is created like it was a first time user. And if you redirect back, you may not get the same session for the first context, unless the session ID cookie defines the path as well (I'm not sure offhand).
The "application" object is the servlet context, specifically a javax.servlet.ServletContext object (or implementation of the interface, technically). Nothing is shared between contexts.
Now, you can always share things in one way or another. Store things in a database or in files. Use a messaging system like SOAP or JMS. Maybe the server allows for contexts to access each other (they aren't shared in that case, just that you can get a named context and read what's stored in it).
Or don't have your separate contexts, use subdirectories in the same context. -
How to access a session variable just before rendering a JSF page???
Dear Sirs...
i am using jdeveloper 10.1.3.2 with JSF and ADF faces. i want to access a session variable and perform some processing just before rendering a page. how can i achieve this????
i am a little new to jsf, so i feel a little lost
thanks for any help in advance, and best regards<p>
Hi,
</p>
<p>
See example 60 "<strong>Triggering OnPageLoad-Style Code in a JSF Backing Bean Using ADF PagePhaseListener or PageController</strong>" on Steve's Muench blog.
</p>
<p>
Kuba
</p> -
hi ,
Is it not correct to assume that ones we close the browser the session losts and all the session variables also?
Actually i have design an authentication page which takes userid and password from user and supply this to servlet which after authentication sets a variable "validity" in session to true.
And in every other jsp page first i m checking this variableis true or not if not then i m redirecting it to authentication page with this tag
<jsp:forward page="authentication.jsp" />
now if i have authenticated correctly and close browser and try to access other pages directly then browser allows me to access any page and infact when i print "validity" variable from session then it prints true. That means even after closing the browsing session remains.
I tried to print session id then after opening a new browser it is showing the same browser.
In web.xml file i have mentioned the session time to 60 minutes . Is it because of this?. If it then how these standard sites sun, yahoo maintains session time out as well as browser dependent session.
Right now what i have to do is before setting the variable i have reset the variable to null. But wher shud i reset the validity variable . in destroy method?
manishYour problem is not due to session time out in the xml
file.
I think whenever you close your browser the session
does not exists.
Remember to invalidate the session while logging off.
It should workThat is not true. The session will exist for as long as the session timout option is set. Although invalidating the session at logoff is a good idea, there is no real method to force people to log off when the leave your site/close the browser.
There are a couple of possibilities why the session would still be used after a browser is closed, although normal behavior is to create a new one. The main reason is because the cookie on the browser that maintains the jsessionid is not destroyed. This often occurs in browsers like NS 7 with a "quick-load" app running in the taskbar area (next to the clock). These little parts of the application never close, and hold on to browser cache and cookies, so as to make it quicker to open and surf.
How do you ge around this? I do not know, except perhaps by preventing the session from using cookies for tracking... -
Session Variables Not Sticking
We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.
It's not a code issue because we have the same code on 2 other networks and it works fine. We also have the same code on our backup website on the same network and it works fine. The backup is on a different server in a different location. So that's 3 networks the code is running fine on. It even worked on this network on the main website up until about 9 months ago. I've verified/reverified the code mutiple times. Something must have happened with security patches, some IIS setting, or other server related issue. We are running 2003 Windows Server Edition SP2 and Coldfusion version 8,0,1,195765.
The browsers used are IE7 and IE8. I don't think it's a browser issue because I can open another tab in the same browser and login and stay logged in on the website on another network. We have already gone into browser advanced settings to make sure session variables are allowed. We've also had a couple of other admins look at it from various locations throughout the Country and they also cannot stay logged in on our main site. They can all stay logged in on the backup site.
Frustrating beyond belief. I'm betting it's a Microsoft issue. Anybody out there have a similar issue or know what it might be?I've experienced a similar problem with CF8 using IE8. I've narrowed it down to being cookie related which causes CF to loose the existing session and create a new session. For me, I can consistently duplicate the issue by having multiple tabs open to various sites and then accessing my site to login -- login is successful but the first page request is treated as unauthorized because the session is empty. If I shutdown and restart the browser and bring up only my site, everything works fine. And once I'm logged in, I have never lost a session by opening other tabs. And this has never failed using Firefox or Safari. What is very strange is that I have multiple sites using CF8 and CF9 and only one exibits this behaviour.
-
Trouble with session variables
Hello, I am a user of cf for a number of years, but only
lately as of last week have I had the opportunity to work with CF
8.... wow the changes are quite intimidating. But none the less
press on is my thought, so now my trouble. Thing I did was to start
using application.cfc vs application.cfm, as it would appear that
is how things have come to pass. So I looked around and found this
code to set session management:
<cfcomponent output="false" hint="Handles application
level events.">
<!--- Set up the application. --->
<cfset THIS.Name = "AppCFC" />
<cfset THIS.ApplicationTimeout = CreateTimeSpan( 0, 0, 60,
0 ) />
<cfset THIS.SessionManagement = true />
<cfset THIS.SetClientCookies = false />
<CFSET request.dsn = "wlaw" />
</cfcomponent>
My problem is that while I can define a session variable on a
page that is not under the SSL cert, my session vars become
undefined once I land on a page under SSL.
Am I missing something? I dont recall this being a problem in
the past. All help is appreciated.
as to setting the var, it is done on an index page which
calls another page in a different directory, but under the same
server,.
<cfset session.ref="foo">
the only changes are that the result page or action page if
you prefer is now under the ssl and the var becomes undefined.
thank you in advance
Mike Doolyis the object being put in session context serializable.. Also in
other to avoid any generated classes issues delete all the classes
whcih weblogic generates as part of deploying the application. That
should atleast mitigate one explanation for your problem.
Hope this helps
~a
[email protected] (Gabriel Ornelas De Luna) wrote in message news:<[email protected]>...
> Hello everyone,
> I'm currently working with WL 6.1 and I'm having trouble with the
> persistence of some session variables which are initially created
> correctly on the server side, and they get lost (null) once the Web
> clients need to access its value.
> This is the error which is being written on a log file:
>
> <May 13, 2003 3:05:09 PM EDT> <Error> <HTTP Session> <Could not
> deserialize session data
> java.io.NotSerializableException:
>
> Things were woriking perfectly, but suddenly after bouncing the server
> instance several times, in order to pick up the latest changes in my
> classes, I started to get this error once the server tries to load the
> jsp.
>
> JSP Code:
> <%
> Integer businessID = (Integer) session.getAttribute("business_id" );
> Util.isCapitolBusiness(businessID.intValue())
> %>
>
> I appreciate your help.
> Regards.
> g.
-
Session varaible data lost!
Hi,
I have a situation where I have A servlet set with some session variables from here another page url is called which is resides in a different machine and server. Again when A servlet is called through a url from the 2nd machine , the original session data set in A servlet is lost?
Any idea how the session data in A servlet could be retained?From all that I could understand from your questions, there are two servlets running in two different machines. They can never obtain each others session data.
-
Accessing session variables PHP
I am trying to access a session variable from a log in form (using the Log In User Server Behavior) and am lost. I simply want to display the users information in the target page. I read in another discussion that I had to bind the variable to the target page, which I did, but that didn't fix it.
Please help.
Here is my loginFormAction code:
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['email'])) {
$loginUsername=$_POST['email'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "owner.php";
$MM_redirectLoginFailed = "register.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_petriever, $petriever);
$LoginRS__query=sprintf("SELECT email, password FROM owners WHERE email=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $petriever) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
header("Location: " . $MM_redirectLoginSuccess );
else {
header("Location: ". $MM_redirectLoginFailed );
?>Wherever you want to display the logged-in username simply place this on the first line of a .php page to start the session:
<?php session_start(); ?>
Then place this code wherever you want to display the username:
<?php echo $_SESSION['MM_Username']; ?>
Maybe you are looking for
-
How to accept multiple languages in a single report.
Hi, We have a Web I report built based on universe(Oracle DB- Utf-8 codepage), In Data base tables there is a data with multiple languages. But when I run Web I report it is showing the data which is in english but data other than english is showing
-
Invoking ALDSP 3.0 Services using Axis
Hi All, I have exposed some services using ALDSP 3 studio which returns multiple records. These are the steps I followed: 1) Created a Physical Data Service using Relational DB (Oracle 9i). Imported some tables like CUSTOMERS, ORDERS etc. 2) Then ope
-
Hi, I need to configure system for auto GR as soon as TO is confirmed. Storage location is HU managed. Thanks R
-
COPA issue - segment characterristics
Hi Experts, We have observed COPA tables contains more data. Our client is using SAP since 2010 but COPA tables data growing with millions of records. We started analyzing solutions to reduce data flow. One of our consultant suggested to make changes
-
trying to set up new macbook and has frozen during the process of using windows migration, now can,t get it to go