zamvil
Inspiring
April 22, 2014
Question

Problem with session and long domain name in Chrome


Does anyone know if there is a limitation in Chrome on creating session variables when the domain name is long?

For example, I have a domain like this one:

http://www.abcdefghijklmnopqrstuxyz12345678.com.mx/

I have my index page with the user login, and when I validate the account, if it is correct I create the session variable and do a cflocation to the user home page.

<CFSET SESSION.AuthCte = StructNew()>
<CFSET SESSION.AuthCte.IsLoggedIn = "Yes">
<cflocation url="userhome.cfm" addtoken="no">

But the userhome.cfm detects that the SESSION.AuthCte.IsLoggedIn variable is not defined.

If I use the IP instead of the domain name, it works.

It works too if I put addtoken="yes".

If I use the IE browser with the domain name it works.

Regards!


2 replies

BKBK
Community Expert
April 22, 2014

I have a number of questions. What is your ColdFusion version? Do you use Application.cfm or Application.cfc? Could you show us the code that sets up the application, that is, the code for applicationtimeout, sessiontimeout, setClientCookies, etc.? Do you set the session cookies manually, for example, using the cfcookie tag?

zamvil
Author
Inspiring
April 22, 2014

Hi BKBK,

I'm using CF10 and Application.cfc.

<!--- Define the application settings. --->
<cfset THIS.name = "GuarderiasGMX2" />
<cfset THIS.applicationTimeout = createTimeSpan( 0, 1, 0, 0 ) />
<cfset THIS.sessionManagement = true />
<cfset THIS.sessionTimeout = createTimeSpan( 0, 1, 0, 0 ) />

I don't use cookies to set the session. I only use cfcookie to kill the session in Application.cfc when the user signs out.

<cffunction
    name="onRequestStart"
    access="public"
    returntype="boolean"
    output="false"
    hint="I initialize the page request.">

    <!--- Define the local scope. --->
    <cfset var local = {} />

    <!--- --------------------------------------------- --->

    <!---
        Check to see if we killed the session timeout in the
        pseudo constructor. If we did, we can / should now
        kill the cookies for the current session and then
        redirect such that the user can get their new session.
    --->
    <cfif structKeyExists( url, "killSession" )>

        <!---
            Clear all of the session cookies. This will
            expire them on the user's computer when the
            CFLocation executes.
        --->
        <cfloop
            index="local.cookieName"
            list="cfid,cftoken,cfmagic">

            <!--- Expire this session cookie. --->
            <cfcookie
                name="#local.cookieName#"
                value=""
                expires="now"
                />

        </cfloop>

        <!---
            Redirect back to the primary page (so that we don't
            have the killSession URL parameter visible).
        --->
        <cflocation
            url="index.cfm"
            addtoken="false"
            />

    </cfif>

    <!--- Let the request continue. --->
    <cfreturn true />

</cffunction>

Regards

BKBK
Community Expert
April 22, 2014

I cannot imagine that this is caused by the length of the domain name. What Tribule says is correct. It is a general rule that you should not write session variables followed by a cflocation on the same page.

The expected behaviour of the cflocation tag is not only to redirect the browser to the new page, but also to instruct ColdFusion to stop executing the current page. So it can happen that the session setting fails to 'stick'.

The error is a blessing in disguise. It tells you your current login framework needs to be improved. That is just my opinion, of course.

To start with, you should never have to kill sessions to log a user out. There is a special tag for that, cflogout. To implement this, replace the code <cfif structKeyExists( url, "killSession" )> with <cfif structKeyExists( url, "logout" )>. Then create the page logout.cfm and put <cflogout> in it. You may optionally add text like <h3>You have logged out.</h3> to it, and a link that points to the login page.

If, after testing for login, the validation is successful, use <cflogin><cfloginuser name="xxx" password="yyy" roles="z"></cflogin> to log the user in. Once the user is logged in, the ColdFusion function getAuthUser() will contain the value of the name attribute of the cfloginuser tag, for example, xxx in this example.

By default, getAuthUser() returns an empty string. You can therefore use it to test whether or not the user is logged in.

You now have much neater login logic. If the current page is index.cfm and getAuthUser() is non-empty, for example, then ColdFusion does a cflocation to userhome.cfm. If getAuthUser() is an empty string, then ColdFusion includes index.cfm.

I should add that the best place for this code is onRequestStart. Furthermore, you can store the login information in the session scope. To do so, set this.loginStorage="session" in Application.cfc. There then is the connection between session and login.

Feel free to return here with any questions you may have. Happy coding!
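
The login flow described in the reply above, sketched as an added example (not code from the thread or from either poster). It assumes index.cfm holds a login form that posts fields named username and password; the application name, the "user" role and the checkCredentials helper with its demo account are hypothetical.

```cfml
<!--- Application.cfc --->
<cfcomponent output="false">
    <cfset this.name = "LoginSketch">  <!--- assumed application name --->
    <cfset this.sessionManagement = true>
    <cfset this.sessionTimeout = createTimeSpan(0, 1, 0, 0)>
    <!--- Keep the cflogin state in the session scope. --->
    <cfset this.loginStorage = "session">

    <cffunction name="onRequestStart" access="public" returntype="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true">

        <!--- Log the user out when ?logout is present in the URL. --->
        <cfif structKeyExists(url, "logout")>
            <cflogout>
        </cfif>

        <!--- The body of cflogin runs only while no user is logged in. --->
        <cflogin>
            <cfif structKeyExists(form, "username") and structKeyExists(form, "password")
                  and checkCredentials(form.username, form.password)>
                <cfloginuser name="#form.username#" password="#form.password#" roles="user">
            </cfif>
        </cflogin>

        <!--- Not logged in: show the login page and stop the requested page. --->
        <cfif getAuthUser() eq "">
            <cfinclude template="index.cfm">
            <cfreturn false>
        </cfif>

        <!--- Logged in but asking for the login page: go to the user home page. --->
        <cfif listLast(arguments.targetPage, "/") eq "index.cfm">
            <cflocation url="userhome.cfm" addtoken="no">
        </cfif>
        <cfreturn true>
    </cffunction>

    <!--- Hypothetical helper with a constructed account; swap in your user-store lookup. --->
    <cffunction name="checkCredentials" access="private" returntype="boolean" output="false">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <!--- compare() is case-sensitive; eq would accept "SECRET" for "secret". --->
        <cfreturn compare(arguments.username, "demo") eq 0
              and compare(arguments.password, "constructed-demo-password") eq 0>
    </cffunction>
</cfcomponent>
```

Every page behind this Application.cfc is gated by the getAuthUser() test, so userhome.cfm no longer needs its own check for a session flag.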

Legend
April 22, 2014