Participating Frequently
November 2, 2009
Question

CFLOGIN works, but not simultaneously on different servers/browsers


I'm using CFLOGIN with application.cfc which works great when I test it - I'll call it login session A in browser window 1.


When I simultaneously log into the same app on a different server with a different username (login session B in browser window 2), I can't login - unless I log out of session A/browser window 1 first. Something in my new code is preventing me from logging into my app more than one time, even when the apps are on separate servers and I'm using different usernames.


We have the same app on various servers (test/development/production), and I used to be able to login on 2-3 browsers or servers at a time - and I never had a problem until recently when I made some changes to the application.cfc and login code.


I updated the code because before the session scopes and login credentials were not being initiated and terminated together (upon login/logout). Before, a user was clicking 'logout' and it was clearing the session scopes without invoking CFLOGOUT. Now, I fixed that, but I have another problem, which is that I can't log into the application on two different browsers or servers at the same time (even if I'm using different login usernames). Any suggestions would be appreciated.

---------------------------------------------

<cfcomponent displayname="Application" output="false">
    <cfset this.name = 'SampleApp'>
    <cfset this.SessionManagement = true>
    <cfset this.SetClientCookies = true>
    <cfset this.SessionTimeout = CreateTimeSpan( 0, 0, 5, 0 ) />


<cffunction name="onSessionStart" access="public" returntype="void" output="false">
    <cfset session.hostname = 'http://'&#CGI.HTTP_HOST#&'/'>
    <cfset session.dbase = 'localdb'>
    <cfset session.roles = ArrayNew(1)>
    <cfreturn>
</cffunction>

<cffunction name="onApplicationStart" access="public" returntype="boolean" output="false">
    <cflog file="SampleApp" type="information" text="Application started." />
    <cfreturn true>
</cffunction>


<cffunction name="onApplicationEnd" returntype="void" output="false" hint="Executes on session timeout or if server shuts down.">
    <cfcookie name="CFID" value="#CFID#" expires="now">
    <cfcookie name="CFTOKEN" value="#CFTOKEN#"  expires="now">
    <cfreturn>
</cffunction>

<cffunction name="onRequestStart" access="public" returntype="void" output="true" hint="Executes before each page processes.">
    <cfargument name="targetPage" type="String" required="true"/>
      
        <cfsilent>


        <cfif GetAuthUser() NEQ ''>
            <cfif NOT isDefined('session.uname')>
                <cfif CGI.HTTP_REFERER DOES NOT CONTAIN "login.cfm">
                    <cfinclude template="expired.cfm">
                    <cfabort>
                </cfif>
            </cfif>
        </cfif>

        <cflogin>  
            <!--- Flash Remoting setCredentials() passes cflogin.user and cflogin.password using checklogin.cfc --->
            <cfif IsDefined('cflogin')>        
                <cfquery name="qValidateLogin" datasource="#session.dbase#" username="#cflogin.name#" password="#cflogin.password#">
                    SELECT    role
                    FROM    session_roles
                </cfquery>
                <cfif qValidateLogin.RecordCount GT 0>
                    <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#qValidateLogin.ROLE#">
                    <cflog text="User - #cflogin.name#" type="Information" file="Filename" date="yes" time="yes">
                <cfelse>
                    <cfinclude template="login.cfm">
                    <cfabort>
                </cfif>
            <cfelse>
                <cfif right(arguments.targetPage,10) is "logout.cfm">
                    <cflocation url="index.cfm">
                    <cfabort>
                <cfelse>              
                    <cfinclude template="login.cfm">
                    <cfabort>  
                </cfif>          
            </cfif>
          
        </cflogin>
        </cfsilent>      
            
</cffunction>


</cfcomponent>


    Inspiring
    November 6, 2009
          

                    <cfquery name="qValidateLogin" datasource="#session.dbase#" username="#cflogin.name#" password="#cflogin.password#">
                        SELECT    role
                        FROM    session_roles
                    </cfquery>       


    Yikes.  So every user of your system needs to have a DB login?

    This has nowt to do with your problem, but what's the reason for doing this?

    --

    Adam

    Participating Frequently
    November 6, 2009

    Oh no, that was my mistake. Thank you for catching that! That query is currently not being used on my Application.cfc page, which is why I wasn't having problems with it, but I'm glad you pointed it out to me. I had that code in my Application.cfc file just in case I wanted to check login from somewhere else, but my login query is actually being called with Flash Remoting using setCredentials() to connect to login.cfc. This is the correct query in my login.cfc file:

                <cfquery name="qValidateLogin" username="#session.uname#" password="#session.pword#" datasource="#session.dbase#">
                    select role from session_roles where role like 'xxxxx%'     
                </cfquery>


    I do think I figured out a solution to my problem though. I found out how to use applicationToken, which I understand if it is not set, by default will be the value of application.Name. If you want users to be able to log into multiple instances of your application at the same time, you would give the applicationToken the same value. This would be great for clustered servers or sites with sub-domains.


    If you wanted to force only one login for the three different sites, you could give this a different value. VERY useful. So I have:

    <cfcomponent displayname="Application" output="false">
        <cfset this.name = 'SampleApp'>
        <cfset this.SessionManagement = true>
        <cfset this.SetClientCookies = true>
        <cfset this.SessionTimeout = CreateTimeSpan( 0, 0, 5, 0 ) />

        <cfset this.loginStorage = "session">
        <cfset this.applicationtoken = 'SampleAppSub'>


    Now, I can log into this site on my development machine with multiple browsers pointing to the same site hosted on different servers - with no problem. I never had an issue with this before, but something else I recently added into my code in Application.cfc made this not work. I should probably also mention that I work on many different applications that all use the same application.Name even though they are different sites - we do this so the same settings can be deployed on different servers.

    With the applicationToken settings, I have it working again. Perhaps what made it break was setting this.loginStorage = "session"? Before this was not set and was using the default value of "cookies" which I didn't want - because my site is used by different people on the same box and we have clustered servers.

    BKBK
    Community Expert
    November 7, 2009

    Also add something like this:


    <cfset this.applicationTimeout = createTimeSpan( 1, 0,0, 0 )>

    <cfset this.setDomainCookies = "true">
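
An added example, not code from any poster in this thread: an Application.cfc that keeps the login in the session scope, scopes it with the applicationToken attribute of cflogin, and creates and removes session.uname together with the login, which is the coupling the original post was after. The token value is an assumption; the validation query and the localdb datasource name are taken from the thread, with a cftry added because rejected database credentials raise a database error rather than returning zero rows.

```cfml
<!--- Added example, not the poster's code. Values marked "assumed" are not from the thread. --->
<cfcomponent displayname="Application" output="false">
    <cfset this.name = "SampleApp">
    <cfset this.sessionManagement = true>
    <cfset this.sessionTimeout = createTimeSpan(0, 0, 5, 0)>
    <!--- Store the login in the session scope, so it expires with the session --->
    <cfset this.loginStorage = "session">

    <cffunction name="onRequestStart" access="public" returntype="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var qValidateLogin = "">
        <cfset var loginOK = false>

        <!--- Logout: drop the cflogin identity and the session markers in the same step --->
        <cfif right(arguments.targetPage, 10) EQ "logout.cfm">
            <cflogout>
            <cfset structDelete(session, "uname")>
            <cfset structDelete(session, "roles")>
        </cfif>

        <!--- The token limits this login to one application on one host (assumed value) --->
        <cflogin applicationToken="#this.name#_#CGI.SERVER_NAME#">
            <cfif isDefined("cflogin")>
                <cftry>
                    <!--- Same per-user database check as in the thread --->
                    <cfquery name="qValidateLogin" datasource="localdb"
                             username="#cflogin.name#" password="#cflogin.password#">
                        SELECT role FROM session_roles
                    </cfquery>
                    <cfset loginOK = qValidateLogin.recordCount GT 0>
                    <cfcatch type="database">
                        <!--- Rejected database credentials raise an error, not zero rows --->
                        <cfset loginOK = false>
                    </cfcatch>
                </cftry>
            </cfif>
            <cfif loginOK>
                <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                             roles="#valueList(qValidateLogin.role)#">
                <!--- Create the session markers together with the login --->
                <cfset session.uname = cflogin.name>
                <cfset session.roles = listToArray(valueList(qValidateLogin.role))>
            <cfelse>
                <cfinclude template="login.cfm">
                <cfabort>
            </cfif>
        </cflogin>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```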