Session variable error...
in [Advanced Techniques]
|
Prev: Consuming the Gunbroker API
Next: err.io.short_read
From: coldfuse228 on 1 Feb 2007 14:51 Hi, I have an issue with session variables. Upon successful login, I set a session variable called USERID in application.cfm. Here is the scenario: I login to my web app and the session variable displays fine. However, if I open a new browser and login as the same user, I don't see the variable anymore, I see an error message "Element USERID is undefined in SESSION". Please note this I don't have any code that removes session or its variables. Below is the code I have: 1. Application.cfm: <cfapplication name="testApp" setclientcookies="yes" sessionmanagement="Yes" sessiontimeout=#CreateTimeSpan(0,0,30,0)#> .... Some code that validates login and password... <cflock timeout="20" scope="session" type="exclusive"> <cfset Session.USERID = '282828'> </cflock> <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#" roles="#loginQuery.role#"> 2. Test.cfm This page displays USERID <cfoutput>#Session.USERID#</cfoutput>
From: BKBK on 2 Feb 2007 03:39 What happens when you leave out the lock?
From: coldfuse228 on 2 Feb 2007 10:15 Hi thanks for your response. If I leave out the 'cflock', the same thing happens. On first login, the value is there (282828), but if I open subsequent new browser windows and login, they all will not have the value available. However, if on the first login, I click 'logoff', in which activates my cflogout in my application.cfm, the next open window will have session value after login. I also noticed that I am setting value inside <cflogin> but if I set it outside of <cflogin> there is no problem. However, I need to set a session variable when the user logs in (inside cflogin section) -C
From: BKBK on 2 Feb 2007 12:55 [i]> However, I need to set a session variable when the user logs in > (inside cflogin section)[/i] That is probably the cause of the problem. When you log a user in by means of the apparatus <cflogin><cfloginuser></cflogin>, Coldfusion no longer executes the cflogin tag until the user logs out or until the login session expires. In any case, it makes for better code design [i]not[/i] to place validation data, session IDs, user IDs, etc. within the tag. Use the tag exclusively for login. You are then free to place code like the following anywhere you want <cfif Len(Trim(getAuthUser())) NEQ 0> <!--- user is currently logged in ---> <cfset session.userID="282828"> <!--- etc ---> <cfelse> <!--- etc ---> </cfif> <cfif getAuthUser() IS "John" AND isUserInRole("boss")> <!--- red carpet treatment ---> </cfif>
From: coldfuse228 on 2 Feb 2007 16:09
Hi BKBK, thank you so much for your response! Currently, after user successfully goes through <cflogin>...</cflogin>, I perform your code <cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">... I am still pretty new at this, please excuse my little knowledge on this.....My only concern now is that if there are 10 different users who are going to hit this application.cfm code section with "<cfif Len(Trim(getAuthUser())) NEQ 0><cfset session.userID="282828">..." code, is there going to be any mixing up of information. Like for example, "John" might have just logged in and gone through <cflogin></cflogin> block, but then right before we get to setting the session.userID, "Mary" might intervene and then the session.userID gets mixed up. Please excuse my lack of understanding on this, but if so can you explain how application.cfm works in regard to this, are all requests to this cfm "locked"as in only after all things on application.cfm will have to execute first before next request for this page gets processed? Thank you so much, -C |