2 Replies - 5499 Views - Last Post: 01 June 2016 - 09:20 AM

#1 mischdm

Coldfusion 10 session issues

Posted 30 May 2016 - 11:54 PM

Hi,

I moved a site from CF 8 to CF10. CF8 resided on a different server. I put a WriteOutput(" testing") in the onSessionstart function of the Application.cfc to know how the site will behave. I ran the site, and on the default page the "testing" appeared. When I clicked on the SignIn page, the "testing" word appeared again. It's calling the onSessionstart. Here is what's in my onSessionstart.
<cffunction name="onSessionstart" returntype="void">		
	<cfif NOT StructKeyExists( cookie,"CFID" ) OR NOT StructKeyExists( cookie,"CFTOKEN" )>			
		<cfheader name="Set-Cookie"  value="CFID=#session.CFID#; Expires=#GetHttpTimeString(DateAdd("yyyy", 40, Now()))#; Path=/;SECURE;HTTPOnly;">
		<cfheader name="Set-Cookie"  value="CFToken=#session.CFToken#; Expires=#GetHttpTimeString(DateAdd("yyyy", 40, Now()))#; Path=/;SECURE;HTTPOnly;">
	</cfif>
	<cfscript>
		WriteOutput("testing");
		StructClear(session);			
		session.pageRedirector = "";	//used for sending a user back to a previous requested page when authentication is required first
		session.profile = CreateObject("component","mysite.cfcs.user");
		session.shoppingCart = CreateObject("component","mysite.cfcs.cart");
		session.catalog = CreateObject("component","mysite.cfcs.catalog");			
	</cfscript>
</cffunction>



I'm using CSRFGenerateToken() to verify the page, so if the application keeps on calling the onSessionstart, the session will always be cleared and the user is not able to log in.

Here are some of the variables:
	<cfscript>
		this.name="mysite";
		this.clientmanagement=false;
		this.sessionmanagement=true;
		this.setclientcookies=false;
		this.sessiontimeout="#CreateTimeSpan(0,0,40,0)#";//TODO: revert back to 40 mins as default
		this.applicationtimeout="#CreateTimeSpan(0,1,0,0)#";
		this.loginStorage = "Session";
		this.logFile = "mysite_LOG";
		this.scriptProtect = "all";
	</cfscript>



To fix the issue, I set setclientcookies to true. The session lost issue is solved but it gave a new issue - session is not terminated on browser exit.


IIS version is = IIS 8.5
OS version = Win server 2012 R2


If anybody can give some ideas, I would deeply appreciate it.

This post has been edited by Craig328: 01 June 2016 - 09:13 AM
Reason for edit:: Added code tags



Replies To: Coldfusion 10 session issues

#2 mischdm

Re: Coldfusion 10 session issues

Posted 31 May 2016 - 12:01 AM

In addition to my observation, if this.setclientcookies=false, it keeps on calling onSessionstart on every request. That is why I changed the value to true, but a new issue occurred.

#3 Craig328

Re: Coldfusion 10 session issues

Posted 01 June 2016 - 09:20 AM

Welcome to DIC mischdm!

So, I'm not 100% clear on the issue but before we dig too deep into it, I noticed that in your onSessionstart method you have this:
StructClear(session);


What it looks like to me (and I'm admitting that I've never tried this) is that when your session starts, and you create the session cookies (CFID and CFTOKEN) manually if they're not there with the session.CFID and session.CFToken values...and then you're destroying the session with the structClear function.

If all you're wanting to do is to clear the following four session variables, have you tried detecting and clearing them explicitly if they exist rather than nuking the entire session?

I've not done what you're doing here but it seems like a clear connection from using the session values for CFID and CFToken to immediately deleting the same a couple lines lower.

Try focusing your efforts on that and see if that doesn't get you where you want to be.

Good luck and post back here if that didn't get it for you.

This post has been edited by Craig328: 01 June 2016 - 09:20 AM
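
An added example (not code from either poster) of the approach suggested in the reply above, written in CFML for Application.cfc: onSessionStart initialises only the application's own keys instead of calling StructClear(session), and the cookies carry no Expires attribute, so the browser discards them on exit. It assumes this.setclientcookies=false as in the original post; resetSessionData and variables.appSessionKeys are hypothetical names.

```cfml
<!--- Assumed list of the four application-owned session keys from the original post --->
<cfset variables.appSessionKeys = "pageRedirector,profile,shoppingCart,catalog">

<cffunction name="onSessionStart" returntype="void" output="false">
	<!---
		With setclientcookies=false the application writes CFID/CFTOKEN itself.
		Omitting Expires makes these browser-session cookies, so they are
		dropped when the browser closes. A cookie flagged Secure is only sent
		back over HTTPS, so every page that needs the session must be served
		over HTTPS.
	--->
	<cfif NOT StructKeyExists(cookie, "CFID") OR NOT StructKeyExists(cookie, "CFTOKEN")>
		<cfheader name="Set-Cookie" value="CFID=#session.CFID#; Path=/; Secure; HttpOnly">
		<cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#; Path=/; Secure; HttpOnly">
	</cfif>
	<cfscript>
		// Set only the application's keys. CFID, CFTOKEN, SESSIONID and
		// URLTOKEN are left in the session scope untouched.
		session.pageRedirector = "";
		session.profile = CreateObject("component", "mysite.cfcs.user");
		session.shoppingCart = CreateObject("component", "mysite.cfcs.cart");
		session.catalog = CreateObject("component", "mysite.cfcs.catalog");
	</cfscript>
</cffunction>

<!--- Hypothetical helper: remove only the application's keys, e.g. on sign-out --->
<cffunction name="resetSessionData" returntype="void" output="false">
	<cfset var key = "">
	<cflock scope="session" type="exclusive" timeout="5">
		<cfloop list="#variables.appSessionKeys#" index="key">
			<cfif StructKeyExists(session, key)>
				<cfset StructDelete(session, key)>
			</cfif>
		</cfloop>
	</cflock>
</cffunction>
```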
