Skip to main content
A
Anonymous
August 1, 2009
Question

onSessionStart method runs on every request!??

  • August 1, 2009
  • 2 replies
  • 4833 views

having some difficulty with a remote server running the onSessionStart method on every request. Note: this works perfectly in development.

I have this in my application cfc - note where I am dumping the session variable to screen for debugging. what I have noticed is that the onSessionStart method runs every time, resetting the users login [user can;t log in] it used to give a new session id every request, now that has stopped, but no closer to a solution:

    <!--- session handling --->
    <cffunction name="onSessionStart" output="true" access="public" >
    
        <cflock scope="session" timeout="5" type="Exclusive">
            <cfscript>
                Session.starttime = now();
                session.authenticated = "false";
                session.authattempts = 0;
                Session.shoppingCart = ArrayNew(2);
            </cfscript>
        </cflock>    
        Session start<cfdump var="#session#" /><br />    
    </cffunction>
    
    <cffunction name="onSessionEnd" output="false" access="public" >
    Session end<cfdump var="#session#" /><br />
    </cffunction>
       
    <!---  request handling --->
    <cffunction name="onRequestStart" output="true" access="public" >
    
        <cfargument name="requestname" required=true/>
        request start<cfdump var="#session#" /><br />
        <cfparam name="message" default="" />
        <cfparam name="success" default="" />
        <cfparam name="error" default="" />
        
        <cfif session.authenticated is not session.sessionid >
            <cfinclude template="./login.cfm" />
        </cfif>
    </cffunction>
    
    <cffunction name="onRequest" output="yes" >
        <cfargument name="targetPage" type="String" required="true" />        
            the request<cfdump var="#session#" /> <br />
            <cfif session.authenticated is session.sessionid>
            
            <cfscript>
            if (IsDefined("url.delFromCart")){
                cart_obj = CreateObject("component", "cfc.cart");
                cart_obj.delFromCart(url.delFromCart);
            }
            </cfscript>
            
            <cfsavecontent variable="myContent">
                <cfinclude template="..#arguments.targetPage#" />
            </cfsavecontent>
            
            <cfoutput>#myContent#</cfoutput>
            </cfif>
        
    </cffunction>
    
    <cffunction name="onRequestEnd" output="yes" access="public" >
        request end<cfdump var="#session#" /> <br />
    </cffunction>

Has anyone seen this? must be a server error right?

HELP!!

-sean

This topic has been closed for replies.

2 replies

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
August 2, 2009
having some difficulty with a remote server running the onSessionStart
method on every request. Note: this works perfectly in development.

The commonest cause of this kind of cross-server discrepancy is that the application and session settings  in the Administrator are not the same. Have you enabled the use of application and session variables in the Administrator? Does your Application.cfc define the usual variables, this.sessionManagement = "true", this.sessionTimeout = "#createTimeSpan(0,0,20,0)#", this.loginStorage = "session",  this.setClientCookies = "true" and so on?

I expected to see the code for cflogin in onRequestStart. That is where you would do the login validation and set session.authenticated accordingly. I have to assume you have an equivalent construction to do that elsewhere. But I doubt it would  do as good a job as running cflogin in onRequestStart. On a different note, there is no need for a session lock in onSessionStart.

    A
    Anonymous
    August 3, 2009

    I've check [and double-triple checked!!] all of this and it all appears correct:

    Have you enabled the use of application and session variables in the Administrator? Does your Application.cfc define the usual variables, this.sessionManagement = "true", this.sessionTimeout = "#createTimeSpan(0,0,20,0)#", this.loginStorage = "session", this.setClientCookies = "true" and so on?

    I expected to see the code for cflogin in onRequestStart. That is where you would do the login validation and set session.authenticated accordingly. I have to assume you have an equivalent construction to do that elsewhere.But I doubt it would  do as good a job as running cflogin in onRequestStart.

    I have never used cflogin, always been developing on linux,  it seems to me that somewhere areound version 4 there was a problem with cflogin+linux, honestly I don't remember, I just started crafting my own authentication and never looked back!

    However:

    On a different note, there is no need for a session lock in onSessionStart.

    ha! yes... I suppose that does make perfect sense.

    Now,

    I can't prove this, but It seems that if I set the session.timeout in my application.cfc to exactly the same timeout as in cfadmin, my onSessionStart methods will run on every request.  i.e. I can't get it to fail reliably [!?] by setting different timeout values.

    As a stopgap, right now I have the application session timeout set to one minute less than the cfadmin timeout. and it seems to be working for a couple of days now, but I am not convinced that the problem will not resurface. I think somehting odd is still going on.

    -sean

    D
    Dan_Bracuk
    Inspiring
    August 1, 2009

    This looks like a problem in onRequestStart:

        <cfif session.authenticated is not session.sessionid >
                <cfinclude template="./login.cfm" />
            </cfif>

    At what point do you attempt to make those two variables equal to each other?

    A
    Anonymous
    August 1, 2009

    works perfectly in development environment...

    I set the session in the authentication function and just keep checking that [as you can see]

    <cflock scope="session" timeout="5" type="Exclusive">
                <cfscript>
                    session.authenticated = "#session.sessionid#";
                    session.role = "#authenticate.role#";
                    session.gid = "#authenticate.id#";
                </cfscript>
    </cflock>
    <cflocation url="./index.cfm" addtoken="no" />

    so that way I have all their roles/creds handy in the session scope, they get checked on every request and to bounce them I check another variable in the request to look for a logout.

    -sean

    D
    Dan_Bracuk
    Inspiring
    August 1, 2009

    If the if/else logic runs at onRequestStart, at what point does your authentication function have a chance to run?

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices