Question
session scope issue.
Hello;
I created a log in system for a sub directory in my web site. I have the directory locked down using an application.cfc file, it also takes orders from the application.cfc file in the main directory.
I think I set my session variables properly when the user logs into the app. But when I try and add a tag to lock something out, it says my session is not defined in the session scope.
I am trying to make tags the will take out elements if you do not have admin access. This is shown by a checkbox in the database, or in access it is a yes/no field. I have tags that if it eq True it does one thing. and those work, but they do not run on the session scope.
The best thing I think I can do is to show you how my session scope is set up. there are different kinds.
1. is just the session you get as just any user who surfs the web.
2. is the back end user who is either an admin or not.
application.cfc in main directory:
<cfscript>
THIS.name = "my web";
THIS.sessionManagement=true;
THIS.clientManagement=true;
THIS.applicationTimeout = createTimeSpan(0,0,20,0);
THIS.sessionTimeout = createTimeSpan(0,0,20,0);
</cfscript>
<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset CLIENT.cfid = SESSION.cfid>
<cfset CLIENT.cftoken = SESSION.cftoken>
<!--- I have some other things in here for tracking and page views and so on --->
</cffunction>
Application.cfc in sub directory:
<cffunction name="OnRequestStart" output="false" returntype="string">
<cfif NOT isDefined("SESSION.auth.isLoggedIn")>
<cflocation url="../sitemanager.cfm" addtoken="no">
<cfabort>
<cfelseif isDefined("FORM.UserLogin")>
<cfinclude template="../LoginCheck.cfm">
<cfreturn true>
</cfif>
</cffunction>
<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = SESSION.auth.id>
<cfset SESSION.auth.Fname = SESSION.auth.Fname>
<cfset SESSION.auth.Lname = SESSION.auth.Lname>
<cfset SESSION.auth.isAdminstrator = SESSION.auth.isAdminstrator>
</cffunction>
and I set off the sessions with my login page:
<CFQUERY NAME="IsValidLogin" datasource="#APPLICATION.dataSource#">
SELECT user.Fname, user.Lname
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
</CFQUERY>
<CFQUERY NAME="IsValidUser" datasource="#APPLICATION.dataSource#">
SELECT user.id, user.Fname, user.Lname, user.admin
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
AND password =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userPassword#">
</CFQUERY>
<cfif IsValidUser.recordcount eq 1>
<cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = IsValidUser.id>
<cfset SESSION.auth.Fname = IsValidUser.Fname>
<cfset SESSION.auth.Lname = IsValidUser.Lname>
<cfset SESSION.auth.isAdminstrator = IsValidUser.admin>
</cflock>
so there are 3 pages control the session in this app so far. I thought I had them defined, I have some tags working using thee variables.
this works:
<cfif isDefined("SESSION.auth.Fname")>
Hello #SESSION.auth.Fname#!
</cfif>
and this doesn't:
<cfif SESSION.auth.isAdminstrator EQ "True">
you get this if you are an admin. if you are not an admin, it does not appear at all
</cfif>
this is the error I get:
Element AUTH.ISADMINSTRATOR is undefined in SESSION.
The error occurred on line 134.
Is there a way to write this or a form of this tag?
Thanks
So is it my tag that isn't working?
I created a log in system for a sub directory in my web site. I have the directory locked down using an application.cfc file, it also takes orders from the application.cfc file in the main directory.
I think I set my session variables properly when the user logs into the app. But when I try and add a tag to lock something out, it says my session is not defined in the session scope.
I am trying to make tags the will take out elements if you do not have admin access. This is shown by a checkbox in the database, or in access it is a yes/no field. I have tags that if it eq True it does one thing. and those work, but they do not run on the session scope.
The best thing I think I can do is to show you how my session scope is set up. there are different kinds.
1. is just the session you get as just any user who surfs the web.
2. is the back end user who is either an admin or not.
application.cfc in main directory:
<cfscript>
THIS.name = "my web";
THIS.sessionManagement=true;
THIS.clientManagement=true;
THIS.applicationTimeout = createTimeSpan(0,0,20,0);
THIS.sessionTimeout = createTimeSpan(0,0,20,0);
</cfscript>
<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset CLIENT.cfid = SESSION.cfid>
<cfset CLIENT.cftoken = SESSION.cftoken>
<!--- I have some other things in here for tracking and page views and so on --->
</cffunction>
Application.cfc in sub directory:
<cffunction name="OnRequestStart" output="false" returntype="string">
<cfif NOT isDefined("SESSION.auth.isLoggedIn")>
<cflocation url="../sitemanager.cfm" addtoken="no">
<cfabort>
<cfelseif isDefined("FORM.UserLogin")>
<cfinclude template="../LoginCheck.cfm">
<cfreturn true>
</cfif>
</cffunction>
<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = SESSION.auth.id>
<cfset SESSION.auth.Fname = SESSION.auth.Fname>
<cfset SESSION.auth.Lname = SESSION.auth.Lname>
<cfset SESSION.auth.isAdminstrator = SESSION.auth.isAdminstrator>
</cffunction>
and I set off the sessions with my login page:
<CFQUERY NAME="IsValidLogin" datasource="#APPLICATION.dataSource#">
SELECT user.Fname, user.Lname
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
</CFQUERY>
<CFQUERY NAME="IsValidUser" datasource="#APPLICATION.dataSource#">
SELECT user.id, user.Fname, user.Lname, user.admin
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
AND password =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userPassword#">
</CFQUERY>
<cfif IsValidUser.recordcount eq 1>
<cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = IsValidUser.id>
<cfset SESSION.auth.Fname = IsValidUser.Fname>
<cfset SESSION.auth.Lname = IsValidUser.Lname>
<cfset SESSION.auth.isAdminstrator = IsValidUser.admin>
</cflock>
so there are 3 pages control the session in this app so far. I thought I had them defined, I have some tags working using thee variables.
this works:
<cfif isDefined("SESSION.auth.Fname")>
Hello #SESSION.auth.Fname#!
</cfif>
and this doesn't:
<cfif SESSION.auth.isAdminstrator EQ "True">
you get this if you are an admin. if you are not an admin, it does not appear at all
</cfif>
this is the error I get:
Element AUTH.ISADMINSTRATOR is undefined in SESSION.
The error occurred on line 134.
Is there a way to write this or a form of this tag?
Thanks
So is it my tag that isn't working?
AdChoices