J2EE session rotate query

Question

Hi,I am trying to implement session rotation using the article at https://www.petefreitag.com/item/829.cfm I have added the relevant code to onSessionStart and added the jeeSessionRotate function to a component which i call when the user has been successfully cleared to login. I have called the function immediatley before where I call sessionRotate(). Problem is im getting a "setAttribute: Session [844E2EA3A042B40B5EA2545FC43C07FA.cfusion] has already been invalidated"  error. Anyone know what I'm doing wrong here?Thanks,Paul

Dave Watts · Accepted Answer

A user can only have one session at a time. The session is identified to the server by a session token. This is either a JSESSIONID cookie if you're using J2EE session variables, or CFID and CFTOKEN cookies if you're using "native" CF session variables. If you're trying to use both, that's not going to work, and you should only be rotating one type or the other, not both. It is possible to have both types of session tokens if you have multiple CF apps on the same server with different session token types, but you wouldn't want one app to rotate the session token of another app.

Dave Watts, Fig Leaf Software

BKBK · Answer

paulm1677332 wroteHi,I am trying to implement session rotation using the article at https://www.petefreitag.com/item/829.cfm I have added the relevant code to onSessionStart and added the jeeSessionRotate function to a component which i call when the user has been successfully cleared to login. I have called the function immediatley before where I call sessionRotate(). The function jeeSessionRotate rotates the J2EE session. So you should not use sessionRotate afterwards.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded