August 9, 2013
Question

Help with refreshing page error


I created a search results page. Users who have no login/password can see the search results, but they are read-only, while users with a login/password can do more with the search results.

My page starts with:

<CFIF IsDefined("url.uid") >   

    <CFSET userid ="#Decrypt(url.uid,application.mySecretKey,"AES","hex")#">

 

This page works just fine except when a user leaves the page idle for some time, then comes back and refreshes the page. That's when an error shows up.

It seems that CF can't decrypt the url.uid after the page has been idle for a while.

The error:

The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
 

An error occurred while trying to encrypt or decrypt your input string: com.rsa.jsafe.crypto.dr: Could not perform unpadding: invalid pad byte..

My Application.cfc looks like this: 


<cfcomponent name="Application">

    <cfscript>
        this.name = "TWI";
        this.applicationTimeout = createTimeSpan(0,1,0,0);
        this.clientManagement = false;
        this.sessionManagement = true;
        this.sessionTimeout = createTimeSpan(0,1,0,0); 
    </cfscript>

    <cffunction name="onApplicationStart" returnType="boolean" output="false"> 
        <cfset application.dsn = "TWI">
        <cfset application.mySecretKey = generateSecretKey("AES")>
        <cfreturn true /> 
    </cffunction>

   <cffunction name="onRequestStart" returnType="string" output="false">
     <cfset request.mySecretKey = application.mySecretKey />
     <cfset request.algorithm = "AES" />
     <cfset request.encoding = "hex" />
   </cffunction>

    <cffunction name="onApplicationEnd" returnType="void" output="false">
        <cfargument name="applicationScope" required="true" />
 
        <cfreturn />
    </cffunction>

    <cffunction name="OnSessionStart" access="public" returntype="void" output="false">
 
        <CFSET session.EntityId= "0">
        <CFSET session.Roles="">
 
        <cfreturn />
    </cffunction>
  
    <cffunction name="OnSessionEnd" access="public" returntype="void" output="false">
        <cfargument name="SessionScope" type="struct" required="true" />
        <cfargument name="ApplicationScope" type="struct" required="false" default="#StructNew()#" /> 
    
        <cfreturn />
    </cffunction>


</cfcomponent>

What should I do to avoid this error showing up again? Have I done something wrong in the code in my Application.cfc, or is there something else I haven't done?

For other pages, which only users with a login/password can access, I start the code with:

<CFIF session.EntityId IS 0>

    <cflocation url="index.cfm">

<CFELSE>

   <!--- Codes here --->  

</CFIF>

With this code at the top of the page, if a user leaves the page idle for a while, then comes back and refreshes, I do not get the error because the site goes back to index.cfm.

I can't do this on the search page because users without a login/password are allowed to search and see the search results. Can anyone help with a solution?




1 reply

BKBK
Community Expert
August 10, 2013

Applications own sessions, and so should survive them. Therefore, I wouldn't set the session timeout to the same value as the application timeout. Change it to something like

this.sessionTimeout = createTimeSpan(0,0,20,0);

That might solve the problem.

August 12, 2013

Hi! I just followed your suggestion, and after I logged in at around 8 AM I let the site idle for about 3 1/2 hrs.

When I refreshed the site I got the same error.

BKBK
Community Expert
August 12, 2013

Replace

<CFIF IsDefined("url.uid") >

<CFSET userid ="#Decrypt(url.uid,application.mySecretKey,"AES","hex")#">

with

<CFIF IsDefined("url.uid") and isDefined("application.mySecretKey")>  

<CFSET userid = decrypt(url.uid,application.mySecretKey,"AES","hex")>

Even if this doesn't solve the problem, it improves the code somewhat.
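
An added example, not part of the thread: the Application.cfc in the question calls generateSecretKey("AES") in onApplicationStart, so a uid encrypted before the application scope times out is decrypted with a different key once the application starts again. The sketch below reproduces that with two keys and handles the failure by falling back to the anonymous, read-only view; `decryptUid`, the variable names and the numeric sample id are assumptions.

```cfml
<cfscript>
// Constructed sample value standing in for the id carried in url.uid
// (assumed numeric here; the thread does not show its format).
sampleUserId = "12345";

// Key held in application scope when the link was generated.
keyBeforeRestart = generateSecretKey("AES");
uidInUrl = encrypt(sampleUserId, keyBeforeRestart, "AES", "hex");

// After applicationTimeout expires, onApplicationStart runs again on the
// next request and generateSecretKey() returns a different random key.
keyAfterRestart = generateSecretKey("AES");

// Hypothetical helper: returns the decrypted id, or "" when the value
// cannot be decrypted with the given key or is not a plausible id.
function decryptUid(required string uid, required string key) {
    try {
        var plain = decrypt(arguments.uid, arguments.key, "AES", "hex");
        // A wrong key occasionally yields garbage with valid padding
        // instead of an exception, so check the result as well.
        return isValid("integer", plain) ? plain : "";
    } catch (any e) {
        return "";
    }
}

userid = decryptUid(uidInUrl, keyBeforeRestart);  // key that encrypted it
stale  = decryptUid(uidInUrl, keyAfterRestart);   // regenerated key

writeOutput("Original key: [" & userid & "]<br>");
writeOutput("Regenerated key: [" & stale & "]<br>");

if (!len(stale)) {
    // Treat the visitor as anonymous (read-only results) instead of
    // letting the decrypt error reach the browser.
    writeOutput("uid not usable: showing read-only results");
}
</cfscript>
```

Loading a fixed key from protected configuration in onApplicationStart, rather than generating one on every start, keeps previously issued links decryptable.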