Ask a Question related to Coldfusion - Advanced Techniques, Design and Development.
-
Matt McSpirit #1
Session Variables randomly changing
Hi Guys,
Please help!
I have an application running fine, the users can login, logout etc and at the
moment, im using cfdump to show the session and application variables just so i
know what is going on, but ive encountered a problem and i really do not know
what is wrong, its as if the scopes are messing up or something. Here is my
application.cfm:
<cfapplication name="TravelTracker"
clientmanagement="yes"
sessionmanagement="yes"
sessiontimeout="#CreateTimeSpan(0,1,0,0)#"
applicationtimeout = "#CreateTimeSpan(0,1,0,0)#"
setclientcookies="yes">
<cflock timeout="5" scope="application" type="exclusive">
<cfset request.dsn = "Project">
</cflock>
<!---<cfscript>
StructClear(application);
StructClear(Session);
</cfscript> --->
<cflock scope="session" type="exclusive" timeout="5">
<cfif NOT IsDefined ("session.loggedin")>
<cfset session.loggedin = "False">
</cfif>
</cflock>
<!--- multiple login check --->
<cflock timeout="10" scope="application" type="exclusive">
<cfif NOT IsDefined("Application.UsersInfo")>
<cfset Application.UsersInfo = StructNew()>
</cfif>
</cflock>
<cfif session.loggedin IS "False">
<cfif ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
<cfelseif ListLast(CGI.SCRIPT_NAME, "/") EQ "processLogin.cfm">
<cfelseif ListLast(CGI.SCRIPT_NAME, "/") EQ "request.cfm">
<cfelseif ListLast(CGI.SCRIPT_NAME, "/") EQ "passwordSend.cfm">
<cfelse>
<!--- this user is not logged in, alert user and redirect to the login.cfm
page --->
<cflocation url="login.cfm" addtoken="no">
</cfif>
</cfif>
Should i be using setclientcookies to yes/no?
The problem lies, when im logged in, and another user is logged in too, and
say, my session.userID (which had been obtained upon login) is 1, and the other
person's is 8. On my page, using the cfdump, i can see the session variables
relevant to me, which include:
email [email]matt@mattmcspirit.co.uk[/email]
loggedin True
roleid 3
rolename Super-User
status Logged In
urltoken CFID=2704&CFTOKEN=53317046
userid 1
username Matt McSpirit
and underneath, i can see the application variables:
1: {ts '2005-03-31 17:15:04'}
8: {ts '2005-03-31 17:15:14'}
However, if i keep pressing refresh (for testing purposes) or if i navigate
around some other pages and come back to this one, my userID in the session
scope has changed to 8! If i then go to my profile, i get the other members
profile. This also causes problems when logging out, as i log them out, and
userID 1 is left in the system.
What am i doing wrong? Please help!
Some more of my code is as follows:
Login.cfm: (just the relevant bits)
<cfif NOT IsDefined("url.action")>
<cfset PageTitle = "Travel Tracker Login">
<cfset PageText = "Welcome to the Travel Tracker">
<cflock scope="session" type="exclusive" timeout="5">
<cfscript>
StructClear(session);
</cfscript>
</cflock>
<cfelseif (url.action IS 'logout')>
<cfset PageTitle = "Travel Tracker Logout">
<cfset PageText = "Logout Successful">
<cfif NOT IsDefined ("session.loggedin")>
<cflocation url="login.cfm" addtoken="no">
<cfelseif NOT IsDefined ("session.userID")>
<cflocation url="login.cfm" addtoken="no">
<cfelse>
<cflock scope="Application" type="exclusive" timeout="5">
<cfscript>
StructDelete(Application.UsersInfo, session.userID);
</cfscript>
</cflock>
<cflock scope="session" type="exclusive" timeout="5">
<cfscript>
StructClear(session);
</cfscript>
</cflock>
<cflocation url="login.cfm?action=logoutComplete" addtoken="no">
</cfif>
<cfelseif (url.action IS 'logoutComplete')>
<cfset PageTitle = "Travel Tracker Logout">
<cfset PageText = "Logout Successful">
<cfif NOT IsDefined ("session.loggedin")>
<cflocation url="login.cfm" addtoken="no">
<cfelseif NOT IsDefined ("session.userID")>
<cflocation url="login.cfm" addtoken="no">
</cfif>
<cfelseif (url.action IS 'remoteLogout')>
<cfset PageTitle = "Travel Tracker Logout">
<cfset PageText = "Remote Logout Successful">
<cfset RemotePageText = "You have been successfully logged out from another
machine. If you wish to log back in on this machine,
you will need to log yourself out on the other machine.">
<cflock scope="session" type="exclusive" timeout="5">
<cfscript>
StructClear(session);
</cfscript>
</cflock>
</cfif>
<cfif IsDefined ("session.loggedin") AND (session.loggedin IS 'True')>
<cflocation url="index.cfm" addtoken="no">
</cfif>
And finally, processLogin:
<!--- This user has logged in correctly, change the value of the session
variables appropriately --->
<cfif processLogin.RecordCount GT 0>
<cfset comparison = Compare(FORM.userpass, processLogin.Userpass)>
<cfif comparison eq 0>
<cflock scope="session" type="exclusive" timeout="5">
<cfset session.userID = processLogin.EmployeeID>
</cflock>
<cfif StructKeyExists(Application.UsersInfo, session.userID) >
<cflock scope="Application" type="exclusive" timeout="5">
<cfset Application.UsersInfo[session.userID] = now()>
</cflock>
<h1>User Already Logged In</h1>
<h2>Logging on at multiple computers is not allowed. Either click
"Yes" to log yourself out from the machine
you are logged in at or click the link at the bottom to return to the
login screen</h2>
<br />
<h3>Do you wish to log yourself out of the travel tracker?</h3>
<form action="login.cfm?action=logout" name="remoteLogout"
method="post">
<input type="submit" value="Yes" onclick="return confirm ('Are you
sure you want to log yourself out?');" />
</form>
<p></p><a href="login.cfm" title="Login">Back to Login Screen</a>
<cfelse>
<cflock scope="Application" type="exclusive" timeout="5">
<cfscript>
StructInsert(Application.UsersInfo, session.userID, now());
</cfscript>
</cflock>
<cflock scope="session" type="exclusive" timeout="5">
<cfset session.loggedin = "True">
<cfset session.status = "Logged In">
<cfset session.username = processLogin.FirstName & ' ' &
processLogin.LastName>
<cfset session.roleID = processLogin.AdminID>
<cfset session.rolename = processLogin.AdminName>
<cfset session.eMail = processLogin.EMail>
</cflock>
<!--- Automatically re-direct to the home page --->
<cflocation url="index.cfm" addtoken="no">
</cfif>
<!---</cfif> --->
<cfelse>
<h1>Incorrect Password</h1>
<form action="processLogin.cfm" method="post" name="processLogin"
onsubmit="return loginCheck();">
<table class="content">
<tr>
<td colspan="2"><h2>Remember - Passwords are Case Sensitive.<br
/>'John' is not the same as 'john'</h2></td>
</tr>
<tr><td><br /></td></tr>
<tr>
<td class="forty"><h3>Username:</h3></td>
<td class="tableLeft"><input size="24" maxlength="30" type="Text"
name="username" value="" tabindex="1"></td>
</tr>
<tr>
<td class="forty"><h3>Password:</h3></td>
<td class="tableLeft"><input size="26" maxlength="30" type="password"
name="userpass" tabindex="2"></td>
</tr>
<tr>
<td class="forty"></td>
<td class="tableLeft"><a href="request.cfm">Forgotten Login
Details?</a></td>
</tr>
<tr>
<td class="tableLeft"><input type="submit" name="loginUser"
value="Login" tabindex="3"></td>
</tr>
</table>
</form>
</cfif>
<cfelse>
<!--- this user did not log in correctly, alert and redirect to the login
page --->
<h1>Incorrect username or password</h1>
<form action="processLogin.cfm" method="post" name="processLogin"
onsubmit="return loginCheck();">
<table class="content">
<tr>
<td colspan="2"><h2>Please try again.</h2></td>
</tr>
<tr><td><br /></td></tr>
<tr>
<td class="forty"><h3>Username:</h3></td>
<td class="tableLeft"><input size="24" maxlength="30" type="Text"
name="username" value="" tabindex="1"></td>
</tr>
<tr>
<td class="forty"><h3>Password:</h3></td>
<td class="tableLeft"><input size="26" maxlength="30" type="password"
name="userpass" tabindex="2"></td>
</tr>
<tr>
<td class="forty"></td>
<td class="tableLeft"><a href="request.cfm">Forgotten Login
Details?</a></td>
</tr>
<tr>
<td class="tableLeft"><input type="submit" name="loginUser"
value="Login" tabindex="3"></td>
</tr>
</table>
</form>
</cfif>
Im guessing the problem lies with the scoping, but i just dont know and cant
understand why it goes wrong.
Any help would be great,
Thanks,
Matt
Matt McSpirit Guest
-
Session Changing Another Session's Variables
I use session variables to control access to various pages on the website. When a user logs in I set session variables to control a user's access... -
Randomly changing file to pdf
Im using Illustrator 10.0.3 and this happens in both Jaguar and Panther. Ill be working in an .ai file, usually with placed .psd files, then after a... -
#25057 [Opn->Fbk]: Session randomly changes session_id
ID: 25057 Updated by: iliaa@php.net Reported By: asnagy at syr dot edu -Status: Open +Status: ... -
Dynamic content within page? Changing session variables with VBScript?
> A URL would be helpful. It's not on a public server... This is for an intranet application. This would work fine, except that eventually... -
randomly changing position of emission 3d particles
I am looking to have 3d particle emission (fireworks display) randomly display in different positions, rather than looping in the same position. ... -
gwgiswebmaster #2 Re: Session Variables randomly changing
it appears you may be trying to use application variables to store
user-specific data, and this won't work. Application variables are to be used
as constants for all users, so this is why you are seeing data changes on
subsequent refreshes. Second, you should create a structure session variable
to store your user-specific info, and keys of the structure for each pc of data
you wish to store. Then when you want to end the session, you can use
StructDelete() to kill the structure, and thus, the session.
gwgiswebmaster Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
