Session variable is lost

I have developed a system and it had been used for 6 month
already, it started had problem last week, user can log in system ,
but after they click the each menu tab, the system give message
"please login system" because the session variable is lost.
I tried to debug the file and find that the session.userID is
there in the file where I set it, but it become empty in other
page.
The weird thing is that it did not happen to everyone, most
of user don't have problem, only a few user login and the session
variable is lost after they move from login page to different page,
when I did cfdump to output all session varibale, I found that
seesionid changed from page to page for those user who had problem,
the user who had problem now did not had problem before and I did
not change any code, I tried the internet setting which still did
not fix problem.
I am wondering whether it is related to cold fusion server
setting.
Please give some advice.

A good place to ask questions and advice about web development is at the mozillaZine Web Development/Standards Evangelism forum.<br />
The helpers at that forum are more knowledgeable about web development issues.<br />
You need to register at the mozillaZine forum site in order to post at that forum.<br />
See http://forums.mozillazine.org/viewforum.php?f=25

Similar Messages

  • Session variables being lost in IE7

    has anyone else experienced, heard of, or solved this issue?
    I have a web app thats been running fine for 5+ years and using session variables (i'm currently using CF8).
    When a user goes from page to page the session is carried with them so i know their login info. However, recently some users (and not all) have complained that after logging in fine (meaning the sessions variables are created) and go to another page off of the main one only to get a timeout issue. I've compared everything from IE settings to server settings, etc. but found no differences. It's like once they navigate to another page in the app the sessions are not carried to the next page.
    My timeout code is written so that if the session variables that are created at login are not present the message will show.
    Some users had to revert back to IE6 and it worked fine. Is there something they did wrong with ther IE update or is there some sort of server hot fix for this?
    Hope someone can help... i'm baffled.

    That forum you posted is definitely my issue! However it still is unresolved and the users have yet to pinpoint the cause (just like me). I too firmly believe its due to an IE7 upgrade b/c that is when this happens.
    I've checked out the user cookies. I used this script and put it on my server and had the user try it:
    http://www.bennadel.com/blog/730-Testing-ColdFusion-Session-Cookie-Acceptance.htm
    The cookies are passing over to the next pages fine (this script showed a success on the user machines). But ye the sessions are lost in my app. the CFID and CFTOKEN are changing when the user clicks to go to another page after login.
    In fact I have the CF8 server monitor up and running and when someone logs in I can see the their session info under the MEMORY USAGE --> Sessions by memory usage.
    I'm finding that users with this issue can log in fine but the session never gets registered with the server?!? Their CFID and CFTOKEN is not showing as an active session and when they click to another page their CFID is always different than their original?
    Any thoughts?

  • Session variable being lost between parent and include file

    I am running into the following scenario: Page 1 includes page 2, on both pages a session variable is returned to the screen. On occasions, page 2 throws an error on the session variable even though it was successfully called on page 1.
    It only happens occassionally, and is very difficult to recreate in order to debug it in realtime. Has anyone run into something like this before? Thanks!

    semi star gazer wrote:
    I am running into the following scenario: Page 1 includes page 2, on both pages a session variable is returned to the screen. On occasions, page 2 throws an error on the session variable even though it was successfully called on page 1.
    It only happens occassionally, and is very difficult to recreate in order to debug it in realtime. Has anyone run into something like this before? Thanks!
    I suspect it has less to do with page-inclusion, more to do with the code on page 2. Suppose, instead of using cfinclude, you had copied the code from page 2 into page 1, and made 1 page of it. Then the error would still have occurred. That's at least my theory.
    Have a look at how the code in page 2 handles the session. There is bound to be something not quite right about it. What kind of error do you get anyway?
    Runtime debugging can be as simple as this:
    <cftry>
    <cfinclude template="page2.cfm">
    <cfcatch type="any">
    <cfdump var="#cfcatch#"><cfabort>
    </cfcatch>
    <cftry>

  • Session variables being lost

    In my onApplicationStart method (which should tell you I'm
    using an Application.cfC, not cfM), I have a cfif loop that passes
    a value to a custom tag and returns a form variable. I'm then
    reassigning that variable to a session variable. In IE, this works
    just fine; in Firefox, though, the session variable is NOT being
    set.
    What might be causing this, and is there a workaround?

    The issue referred to an external CF custom tag, which called
    another demo application to set a testing user. However, after
    further testing, I realize that demo app won't function properly
    with this application, so I've removed it.
    Authentication is being set by an LDAP query; this
    application that I am working on is going to be a sub-application
    of a larger application, and the authenticated user is being set as
    a session variable as well (I think...). However, I'm creating a
    new session variable for this application, and simply passing the
    authenticated user into my app (the outer app uses the variable
    auth_user; I'm using the variable authuser, so there is no name
    conflict).
    Again, it is IE that is not persisting the session. Firefox
    is doing so. I have looked in the advanced settings for IE, and
    there is nothing about persisting session variables to check or
    uncheck. Also, this application will probably be used mostly by
    users using IE 6 with default settings, so I'm going to need to
    find a workaround for IE.
    Your help is most appreciated.

  • Coldfusion session variables being lost

    ok so when my users login I establish session variables. one of these is employee id. in my Application.cfc I have this at the top:
    <cfscript>
    this.name = "My App";
    this.sessiontimeout=CreateTimeSpan("0", "0", "45", "0");
    this.SESSIONMANAGEMENT="YES";
    this.SetClientCookies = "true";
    this.setDomainCookies = "true";
    </cfscript>
    i also set the timeout for sessions at 45 in the CFadmin too.
    after a successfull login i capture their session.employeenumber by authenticating through our corporate LDAP. no problem there. note: this app has run smoothly for 6+ years now but something has recently gone wrong.
    on every page i reference a file in my application directory called "check_session.cfm" like this:
    <cfmodule template="/myApp/Tags/check_session.cfm">
    In that file I have code that checks for the existence of the session.employee_number. if it doesn't exist they either timed out or book-marked a page in the app in which they need to be logged in to view:
    <cflock timeout="30" throwontimeout="Yes" type="READONLY" scope="SESSION">
    <!--- Checks to make sure the user has a session--->
    <CFIF NOT IsDefined("Session.employee_number")>
         <CFLOCATION URL="http://#cgi.HTTP_HOST#/myApp/LoginAgain.cfm">
    </CFIF>
    </cflock>
    every now and then (i'd say on average 5 times per week) i get an error message from a user (i re-direct all errors to my email with diagnostic info). the error reads "Element EMPLOYEE_NUMBER is undefined in SESSION". when i look at the page the error came from i see my call to the check_session.cfm file about 50 lines above where this error happened when i tried to reference session.employee_number. why wouldn't it not find it and re-direct the user to the timeout page? i can never duplicate this error on my machine either... i always get the right result without the error message. its a random, sporadic, intermittent error.

    Here is the diagnostic error information. Where you see [omitted] i've changed the URL for the purposes of displaying this detail in a public forum:
    struct
    Browser
    Mozilla/4.0   (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR   2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0;   InfoPath.2; .NET4.0C; .NET4.0E; MS-RTC LM 8)
    DateTime
    {ts   '2011-02-21 20:59:21'}
    Diagnostics
    Element   EMPLOYEENUMBER is undefined in SESSION. <br>The error occurred on line   162.
    GeneratedContent
    <!DOCTYPE   html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">   <html xmlns="http://www.w3.org/1999/xhtml">   <!-- DW6 --> <head> <!-- Copyright 2005 Macromedia, Inc. All   rights reserved. --> <title>My Home</title> <meta   http-equiv="Content-Type" content="text/html;   charset=iso-8859-1" /> <link rel="stylesheet"   href="mm_training.css" type="text/css" /> <link   rel="stylesheet" type="text/css" href="../template/organized.css">   </head> <body bgcolor="#ffffff"   onLoad="onInit()">
    HTTPReferer
    http://[omitted]/mypage/myhome.cfm?CFID=101686&CFTOKEN=53097237
    Mailto
    [empty   string]
    Message
    Element   EMPLOYEENUMBER is undefined in SESSION.
    QueryString
    [empty   string]
    RemoteAddress
    10.x.x.x   [remote address omitted for purposes of this forum]
    RootCause
    struct
    Detail
    [empty     string]
    ErrNumber
    0
    Message
    Element     EMPLOYEENUMBER is undefined in SESSION.
    Resolvedname
    SESSION
    StackTrace
    coldfusion.runtime.UndefinedElementException:     Element EMPLOYEENUMBER is undefined in SESSION. at     coldfusion.runtime.CfJspPage.resolveCanonicalName(CfJspPage.java:1659) at     coldfusion.runtime.CfJspPage._resolve(CfJspPage.java:1612) at     coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1747)     at     coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1740)     at cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)     at cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)     at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at     coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at     coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at     coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:273) at     coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)     at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at     coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at     coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at     coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8)     at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at     coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at     coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at     coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at     coldfusion.CfmServlet.service(CfmServlet.java:175) at     coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at     jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at     coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 )     at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)     at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at     jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)     at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at     jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)     at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)     at     jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)     at     jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)     at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)     at     jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)     at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
    TagContext
    array
    1
    struct
    COLUMN
    0
    ID
    LINE
    162
    RAW_TRACE
    at         cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    2
    struct
    COLUMN
    0
    ID
    CF_MYHOME
    LINE
    1
    RAW_TRACE
    at         cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    Type
    Expression
    element
    EMPLOYEENUMBER
    objectType
    object of java.lang.Class
    Class       Name
    java.lang.Class
    Methods
    Method
    Return Type
    asSubclass(java.lang.Class)
    java.lang.Class
    cast(java.lang.Object)
    java.lang.Object
    desiredAssertionStatus()
    boolean
    forName(java.lang.String,         boolean, java.lang.ClassLoader)
    java.lang.Class
    forName(java.lang.String)
    java.lang.Class
    getAnnotation(java.lang.Class)
    java.lang.annotation.Annotation
    getAnnotations()
    java.lang.annotation.Annotation[]
    getCanonicalName()
    java.lang.String
    getClassLoader()
    java.lang.ClassLoader
    getClasses()
    java.lang.Class[]
    getComponentType()
    java.lang.Class
    getConstructor(java.lang.Class[])
    java.lang.reflect.Constructor
    getConstructors()
    java.lang.reflect.Constructor[]
    getDeclaredAnnotations()
    java.lang.annotation.Annotation[]
    getDeclaredClasses()
    java.lang.Class[]
    getDeclaredConstructor(java.lang.Class[])
    java.lang.reflect.Constructor
    getDeclaredConstructors()
    java.lang.reflect.Constructor[]
    getDeclaredField(java.lang.String)
    java.lang.reflect.Field
    getDeclaredFields()
    java.lang.reflect.Field[]
    getDeclaredMethod(java.lang.String,         java.lang.Class[])
    java.lang.reflect.Method
    getDeclaredMethods()
    java.lang.reflect.Method[]
    getDeclaringClass()
    java.lang.Class
    getEnclosingClass()
    java.lang.Class
    getEnclosingConstructor()
    java.lang.reflect.Constructor
    getEnclosingMethod()
    java.lang.reflect.Method
    getEnumConstants()
    java.lang.Object[]
    getField(java.lang.String)
    java.lang.reflect.Field
    getFields()
    java.lang.reflect.Field[]
    getGenericInterfaces()
    java.lang.reflect.Type[]
    getGenericSuperclass()
    java.lang.reflect.Type
    getInterfaces()
    java.lang.Class[]
    getMethod(java.lang.String,         java.lang.Class[])
    java.lang.reflect.Method
    getMethods()
    java.lang.reflect.Method[]
    getModifiers()
    int
    getName()
    java.lang.String
    getPackage()
    java.lang.Package
    getProtectionDomain()
    java.security.ProtectionDomain
    getResource(java.lang.String)
    java.net.URL
    getResourceAsStream(java.lang.String)
    java.io.InputStream
    getSigners()
    java.lang.Object[]
    getSimpleName()
    java.lang.String
    getSuperclass()
    java.lang.Class
    getTypeParameters()
    java.lang.reflect.TypeVariable[]
    isAnnotation()
    boolean
    isAnnotationPresent(java.lang.Class)
    boolean
    isAnonymousClass()
    boolean
    isArray()
    boolean
    isAssignableFrom(java.lang.Class)
    boolean
    isEnum()
    boolean
    isInstance(java.lang.Object)
    boolean
    isInterface()
    boolean
    isLocalClass()
    boolean
    isMemberClass()
    boolean
    isPrimitive()
    boolean
    isSynthetic()
    boolean
    newInstance()
    java.lang.Object
    toString()
    java.lang.String
    StackTrace
    coldfusion.runtime.UndefinedElementException:   Element EMPLOYEENUMBER is undefined in SESSION. at coldfusion.runtime.CfJspPage.resolveCanonicalName(CfJspPage.java:1659)   at coldfusion.runtime.CfJspPage._resolve(CfJspPage.java:1612) at   coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1747) at   coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1740) at   cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162) at   cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1) at   coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370)   at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at   coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:273) at   coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)   at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at   coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at   coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at   coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8)   at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at   coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at   coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at   coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at   coldfusion.CfmServlet.service(CfmServlet.java:175) at   coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at   jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at   coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 )   at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at   jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101)   at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at   jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at   jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at   jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at   jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)   at   jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)   at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)   at   jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)   at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
    TagContext
    array
    1
    struct
    COLUMN
    0
    ID
    LINE
    162
    RAW_TRACE
    at       cfmyhome2ecfm1641837815._factor14(D:\[path_omitted]\mypage\myhome.cfm:162)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    2
    struct
    COLUMN
    0
    ID
    CF_MYHOME
    LINE
    1
    RAW_TRACE
    at       cfmyhome2ecfm1641837815.runPage(D:\[path_omitted]\mypage\myhome.cfm:1)
    TEMPLATE
    D:\[path_omitted]\mypage\myhome.cfm
    TYPE
    CFML
    Template
    /[omitted]/mypage/myhome.cfm
    Type
    coldfusion.runtime.CfErrorWrapper

  • Session Variables Randomly  Lost between Pages

    My web page uses a session to keep track of who logged in.
    What I noticed is that the session variables stored appears and
    disappears randomly on different pages. The wierd thing is that my
    code is very simple.
    For the life of me I can not figure this out....

    I go through a hosting company and do not expect them to do
    any load balancing.
    What are sticky sessions?
    The cflocation tag also has the addtoken="yes" to it now and
    symptoms persist.
    I tested the case with
    sessiontimeout=#CreateTimeSpan(0,2,0,0)# instead of the
    sessiontimeout=#CreateTimeSpan(0,0,120,0)# and symptoms still
    persist.
    Any other suggestions? I think I ran into a wall
    here....

  • Printing a Web Report Using Firefox Results in Lost Session Variables

    Post Author: AVXFlyer
    CA Forum: .NET
    I'm  having a problem with Firefox users printing a Crystal Report from a web site. 
    The first page of the web site collects information to be used in the report generation, for example, start date, end date, type of report etc.  These are all various text boxes, drop down lists, radio buttons and check boxes.  When the user clicks to show the report, everything works fine and the first page of the report will display. The code behind this page takes care of saving al the session variables into hidden fields on the page so the settings will be accessible when the user clicks to view the next page of the report.
    On clicking to view the next page of the report, everything is still fine and the process works beautifully and I've had no problems. 
    A new problem has surfaced during the printing of these reports.  Users who use IE6.0 or IE 7.0 do not have a problem, however, users who use Firefox do have a problem.
    It seems that the print dialog which appears as part of the the Crystal web control manages to 'lose" the variables which were present on the calling page.  It only does this with the Firefox browser.  Calls on postback to retrieve the variables from the hidden fields result in 0's or empty strings ("").
    Protected Sub Page_Init(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Init .... ....  If Me.IsPostBack = False Then ... ...        strDiscontinuedOnly = Request.Form.Item("ddlInvStatus")             If strDiscontinuedOnly = Nothing Then                 isDiscontinuedOnly = False             Else                 Select Case strDiscontinuedOnly                     Case 0 'All Inventory                         isDiscontinuedOnly = False                     Case 1 'Discontinued Inventory                         isDiscontinuedOnly = True                     Case 2 'Active Inventory                         isDiscontinuedOnly = False                 End Select             End If Else 'Postback is true             intRequestedReport = Request.Form.Item("fldReportID")             strDiscontinuedOnly = Request.Form.Item("fldInvDiscItemsOnly")             isDiscontinuedOnly = Request.Form.Item("fldInvDiscItemsOnly") ... ... end if

    Can't explain it, but here are a few tests;
    1) Try to print a saved data report
    2) Try to print a report that is not using parameters
    3) Try a different printer driver as "default"
    4) Enable the option "Dissociate Formatting Page Size and Printer Paper Size" on the report
    5) What format do you export to?
    Ludek
    Follow us on Twitter http://twitter.com/SAPCRNetSup
    Got Enhancement ideas? Try the [SAP Idea Place|https://ideas.sap.com/community/products_and_solutions/crystalreports]

  • Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?

    Hi all,
    I'm running a site that requires user login.  I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
    However, I guess I never learned the correct way to handle a user login.  It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number.  Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
    <cfset This.Sessionmanagement=true>
    <cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
       <cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
         <cflocation url="../index.cfm" addtoken="no">
       </cfif>
    ...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID.  If not, all session variables are cleared and it bounces you back to the login page.  When the user clicks Logout, all I do is delete all the session variables.
    This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity.  You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application).  I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
    SO:  any reason you can think of why session variables would be spontaneously clearing for some people?  Would having your router reset its IP address invalidate the session or something?  Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
    And on a more general note... did I go about this completely the wrong way to begin with?  If so, what's the standard way to manage a login?
    Lots of questions, I know... thanks very much for any answers or suggestions!
    Joe

    Ian,
    Thanks very much - very helpful information.
    Sounds like passing the tokens in every request is probably the way to go for this.  I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
    Is that all I would have to do, is add the tokens to every path?  Would that guarantee that all the session variables would remain valid until timeout or being cleared?
    Again, thanks, you've been really helpful.
    Joe
    On Jun 23, 2010 4:37 PM, Ian Skinner &lt;[email protected]&gt; wrote:
    Unfortunately this is the nature of HTTP web applications.  There is NO state maintained from HTTP request to request.  This is by design in the HTTP protocol specifications.
    ColdFusion provides two methods to circumvent this limitation.  Each method has limitations and caveats.  They both rely on the passing of tokens between the client and the server with every request.  These tokens can be passed as cookies OR URL (GET) variables.  You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method.  If something happens to the cookies the session can be lost.
    You could pass the (CFID &amp; CFTOKEN) OR JESSIONID tokens through the URL query string with every request.  This requires one to add these values to every link, form action, cflocation or other request path in our application.  ColdFusion provides the session.urltoken variable to make this easier to do.  The tokens will be visible to the user.  Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case).  Then that user will access the session of the original user.
    Cookie session management is by far the most common choice by CF developers.  If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications.  One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server.  Thus not suffer the stateless nature of the normal HTTP request-response cycle.
    I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated.  But I would not think it is beyond the relm of possibilities.

  • Session variables dropping

    I've been having this problem for a long time so I thought
    I'd post again and maybe get a hit this time.
    We run off windows cfmx 7.x now fully patched, prior to that
    we were on cfmx 6.x. We use session management only. Many times on
    a new page hit the user loses about half of their session variables
    up to all of them. Typically we have them test on the same machine
    using different browsers. 99% of the time switching from IE to
    firefox solves the problem, most of the users have had IE 6.x.
    I experienced this problem myself for about 4 months time and
    I could reproduce it daily when neccessary by simply opening a new
    window to our application and the session information would persist
    to the new window but the parent window would receive a new cfid
    and lose all session information. New windows aren't the only
    issue, we see a lot of lost session variables in one click, same
    window, functionality. I've had hooks in place to test if the
    domain was different on page hits removing the www or something but
    so far have not found anything there. Each time a new CFID is being
    issued and they are losing the original. We attempted to put CFID's
    in the URL at all times but that leads to other issues and didn't
    solve the problem for us anyhow.
    This has been a serious issue for awhile and browsing these
    forums I see others are experiencing it to some extent too. I'm
    wondiner if anyone has any tips or can confirm the CF Admin/app.cfc
    setup you use if you're not seeing any problems like this.

    right... response.sendRedirect(). sendRedirect works by sending a repsonse to the browser with a location header. The browser sees that header and makes a new, separate request to the new location. It's no different then typing the location in the location bar in the browser or clicking a link.
    But that doesn't matter. If you have 2 web applications (aka 2 servlet contexts) on the server, they are not going to share sessions between them. So the first page is working off one session in one context with some ID. Then the redirect sends it to another page in a different context. That session ID is not valid in that 2nd context, so a new session is created like it was a first time user. And if you redirect back, you may not get the same session for the first context, unless the session ID cookie defines the path as well (I'm not sure offhand).
    The "application" object is the servlet context, specifically a javax.servlet.ServletContext object (or implementation of the interface, technically). Nothing is shared between contexts.
    Now, you can always share things in one way or another. Store things in a database or in files. Use a messaging system like SOAP or JMS. Maybe the server allows for contexts to access each other (they aren't shared in that case, just that you can get a named context and read what's stored in it).
    Or don't have your separate contexts, use subdirectories in the same context.

  • How to access a session variable just before rendering a JSF page???

    Dear Sirs...
    i am using jdeveloper 10.1.3.2 with JSF and ADF faces. i want to access a session variable and perform some processing just before rendering a page. how can i achieve this????
    i am a little new to jsf, so i feel a little lost
    thanks for any help in advance, and best regards

    <p>
    Hi,
    </p>
    <p>
    See example 60 &quot;<strong>Triggering OnPageLoad-Style Code in a JSF Backing Bean Using ADF PagePhaseListener or PageController</strong>&quot; on Steve&#39;s Muench blog.
    </p>
    <p>
    Kuba 
    </p>

  • Problem in session variables

    hi ,
    Is it not correct to assume that ones we close the browser the session losts and all the session variables also?
    Actually i have design an authentication page which takes userid and password from user and supply this to servlet which after authentication sets a variable "validity" in session to true.
    And in every other jsp page first i m checking this variableis true or not if not then i m redirecting it to authentication page with this tag
    <jsp:forward page="authentication.jsp" />
    now if i have authenticated correctly and close browser and try to access other pages directly then browser allows me to access any page and infact when i print "validity" variable from session then it prints true. That means even after closing the browsing session remains.
    I tried to print session id then after opening a new browser it is showing the same browser.
    In web.xml file i have mentioned the session time to 60 minutes . Is it because of this?. If it then how these standard sites sun, yahoo maintains session time out as well as browser dependent session.
    Right now what i have to do is before setting the variable i have reset the variable to null. But wher shud i reset the validity variable . in destroy method?
    manish

    Your problem is not due to session time out in the xml
    file.
    I think whenever you close your browser the session
    does not exists.
    Remember to invalidate the session while logging off.
    It should workThat is not true. The session will exist for as long as the session timout option is set. Although invalidating the session at logoff is a good idea, there is no real method to force people to log off when the leave your site/close the browser.
    There are a couple of possibilities why the session would still be used after a browser is closed, although normal behavior is to create a new one. The main reason is because the cookie on the browser that maintains the jsessionid is not destroyed. This often occurs in browsers like NS 7 with a "quick-load" app running in the taskbar area (next to the clock). These little parts of the application never close, and hold on to browser cache and cookies, so as to make it quicker to open and surf.
    How do you ge around this? I do not know, except perhaps by preventing the session from using cookies for tracking...

  • Session Variables Not Sticking

    We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.  
    It's not a code issue because we have the same code on 2 other networks and it works fine. We also have the same code on our backup website on the same network and it works fine.  The backup is on a different server in a different location. So that's 3 networks the code is running fine on. It even worked on this network on the main website up until about 9 months ago. I've verified/reverified the code mutiple times. Something must have happened with security patches, some IIS setting, or other server related issue.  We are running 2003 Windows Server Edition SP2 and Coldfusion version 8,0,1,195765. 
    The browsers used are IE7 and IE8. I don't think it's a browser issue because I can open another tab in the same browser and login and stay logged in on the website on another network.  We have already gone into browser advanced settings to make sure session variables are allowed. We've also had a couple of other admins look at it from various locations throughout the Country and they also cannot stay logged in on our main site. They can all stay logged in on the backup site. 
    Frustrating beyond belief. I'm betting it's a Microsoft issue.  Anybody out there have a similar issue or know what it might be?

    I've experienced a similar problem with CF8 using IE8. I've narrowed it down to being cookie related which causes CF to loose the existing session and create a new session. For me, I can consistently duplicate the issue by having multiple tabs open to various sites and then accessing my site to login -- login is successful but the first page request is treated as unauthorized because the session is empty. If I shutdown and restart the browser and bring up only my site, everything works fine. And once I'm logged in, I have never lost a session by opening other tabs. And this has never failed using Firefox or Safari. What is very strange is that I have multiple sites using CF8 and CF9 and only one exibits this behaviour.

  • Trouble with session variables

    Hello, I am a user of cf for a number of years, but only
    lately as of last week have I had the opportunity to work with CF
    8.... wow the changes are quite intimidating. But none the less
    press on is my thought, so now my trouble. Thing I did was to start
    using application.cfc vs application.cfm, as it would appear that
    is how things have come to pass. So I looked around and found this
    code to set session management:
    <cfcomponent output="false" hint="Handles application
    level events.">
    <!--- Set up the application. --->
    <cfset THIS.Name = "AppCFC" />
    <cfset THIS.ApplicationTimeout = CreateTimeSpan( 0, 0, 60,
    0 ) />
    <cfset THIS.SessionManagement = true />
    <cfset THIS.SetClientCookies = false />
    <CFSET request.dsn = "wlaw" />
    </cfcomponent>
    My problem is that while I can define a session variable on a
    page that is not under the SSL cert, my session vars become
    undefined once I land on a page under SSL.
    Am I missing something? I dont recall this being a problem in
    the past. All help is appreciated.
    as to setting the var, it is done on an index page which
    calls another page in a different directory, but under the same
    server,.
    <cfset session.ref="foo">
    the only changes are that the result page or action page if
    you prefer is now under the ssl and the var becomes undefined.
    thank you in advance
    Mike Dooly

    is the object being put in session context serializable.. Also in
              other to avoid any generated classes issues delete all the classes
              whcih weblogic generates as part of deploying the application. That
              should atleast mitigate one explanation for your problem.
              Hope this helps
              ~a
              [email protected] (Gabriel Ornelas De Luna) wrote in message news:<[email protected]>...
              > Hello everyone,
              > I'm currently working with WL 6.1 and I'm having trouble with the
              > persistence of some session variables which are initially created
              > correctly on the server side, and they get lost (null) once the Web
              > clients need to access its value.
              > This is the error which is being written on a log file:
              >
              > <May 13, 2003 3:05:09 PM EDT> <Error> <HTTP Session> <Could not
              > deserialize session data
              > java.io.NotSerializableException:
              >
              > Things were woriking perfectly, but suddenly after bouncing the server
              > instance several times, in order to pick up the latest changes in my
              > classes, I started to get this error once the server tries to load the
              > jsp.
              >
              > JSP Code:
              > <%
              > Integer businessID = (Integer) session.getAttribute("business_id" );
              > Util.isCapitolBusiness(businessID.intValue())
              > %>
              >
              > I appreciate your help.
              > Regards.
              > g.
              

  • Session varaible data lost!

    Hi,
    I have a situation where I have A servlet set with some session variables from here another page url is called which is resides in a different machine and server. Again when A servlet is called through a url from the 2nd machine , the original session data set in A servlet is lost?
    Any idea how the session data in A servlet could be retained?

    From all that I could understand from your questions, there are two servlets running in two different machines. They can never obtain each others session data.

  • Accessing session variables PHP

    I am trying to access a session variable from a log in form (using the Log In User Server Behavior) and am lost. I simply want to display the users information in the target page. I read in another discussion that I had to bind the variable to the target page, which I did, but that didn't fix it.
    Please help.
    Here is my loginFormAction code:
    <?php
    // *** Validate request to login to this site.
    if (!isset($_SESSION)) {
      session_start();
    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($_GET['accesscheck'])) {
      $_SESSION['PrevUrl'] = $_GET['accesscheck'];
    if (isset($_POST['email'])) {
      $loginUsername=$_POST['email'];
      $password=$_POST['password'];
      $MM_fldUserAuthorization = "";
      $MM_redirectLoginSuccess = "owner.php";
      $MM_redirectLoginFailed = "register.php";
      $MM_redirecttoReferrer = false;
      mysql_select_db($database_petriever, $petriever);
      $LoginRS__query=sprintf("SELECT email, password FROM owners WHERE email=%s AND password=%s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
      $LoginRS = mysql_query($LoginRS__query, $petriever) or die(mysql_error());
      $loginFoundUser = mysql_num_rows($LoginRS);
      if ($loginFoundUser) {
         $loginStrGroup = "";
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;      
        if (isset($_SESSION['PrevUrl']) && false) {
          $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        header("Location: " . $MM_redirectLoginSuccess );
      else {
        header("Location: ". $MM_redirectLoginFailed );
    ?>

    Wherever you want to display the logged-in username simply place this on the first line of a .php page to start the session:
    <?php session_start(); ?>
    Then place this code wherever you want to display the username:
    <?php echo $_SESSION['MM_Username']; ?>

Maybe you are looking for