cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

CF 11 Unexpected Log Out

Guest
Dec 19, 2014 Dec 19, 2014

We are experiencing an issue where our users are being intermittently logged out of the website. This issue seems to occur directly after the initial log in to the website. After a user logs in, they click a link, then are redirected to the login page again. We are upgrading from CF 9 to CF 11 and we were not seeing this issue in CF 9. There are two main things that I've noticed when this issue occurs. The GetAuthUser() call is returning an empty string (for the user that was logged in with cfloginuser) and part of the session has been removed (as if a structdelete was performed on a variable in the session struct).

Is anyone able to help with this problem?

1.4K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 6 Replies 6
latest latest Jump to latest reply
BKBK Community Expert
Community Expert ,
Dec 20, 2014 Dec 20, 2014

It could be anything. Session management is notoriously hard to code. Besides, the Coldfusion Team modified the session engine in Coldfusion 10.

I would start by ruling out any shortcoming in the code. Would you let us have a look at the relevant code?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Dec 20, 2014 Dec 20, 2014
In Response To BKBK

Okay, I see there's an improved cflogin section, so maybe that has something to do with the problem. I'll read through this document.

Thanks for your response.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Feb 24, 2015 Feb 24, 2015

Hello BKBK,

We've tried a number of different solutions, but we're still experiencing the logout issue mentioned back in December. Do you have any other insight on this issue? You mentioned that you would like to see the code. Here it is:

Application.cfc:

<cfcomponent output="false">

  <cfset THIS.name = "SECURE_WEBSITE_COM">

  <cfset THIS.sessionManagement = true>

  <cfset THIS.loginStorage = "session">

  <cffunction name="onRequestStart" returntype="boolean">

  <cfargument type="string" name="targetPage" required="true">

  <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->

  <cflogout>

  </cfif>

  <cflogin>

  <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>

  <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">

  <cfset SESSION.user.id = 2880>

  <cfelseif NOT Len(GetAuthUser())> <!--- User has not logged in yet --->

  <cfinclude template="/login.cfm">

  <cfabort>

  </cfif>

  </cflogin>

  <cfreturn true>

  </cffunction>

</cfcomponent>

login.cfm

<cfparam name="importantMessage" default="">

<!doctype html>

<html>

<head>

<meta charset="utf-8">

<title>Log On</title>

</head>

<body>

  <div id="contentContainer">

  <div id="mainContent">

  <cfoutput>

  <cfset showQueryString = Len(CGI.QUERY_STRING) AND CompareNoCase(CGI.QUERY_STRING, "signout=yes") NEQ 0>

  <fieldset id="loginContainer">

  <legend>Sign In</legend>

  <form name="loginform" action="#cgi.script_name#<cfif showQueryString>?#EncodeForHTMLAttribute(CGI.QUERY_STRING)#</cfif>" method="post">

  <cfif Len(importantMessage)>

  <div class="message" id="successMessage"><cfoutput>#importantMessage#</cfoutput></div>

  </cfif>

  <div>

  <label>Email:</label>

  <input name="j_username" id="j_username" type="text"  maxlength="250"<cfif IsDefined("COOKIE.savedUserName")> value="<cfoutput>#LCase(COOKIE.savedUserName)#</cfoutput>"</cfif> title="Please enter your full email address in the form: name@abc.com">

  </div>

  <div>

  <label>Password:</label>

  <input name="j_password" id="j_password" type="password"  maxlength="250" title="Please enter your password" autocomplete="off">

  </div>

  <div>

  <input type="submit" name="submit" id="submit" value="Sign In">

  </div>

  </form>

  </fieldset>

  </cfoutput>

  </div>

  <cfinclude template="/global/footer.cfm">

</div>

</body>

</html>

Additional Information:

- Although this code is a modified version of our actual code, I have verified that the logout issue does happen with this exact code.

- This issue is happening on our https production server as well as our http local environments

- We are using Microsoft IIS Version 7.5 as our webserver

- If you think this is an issue with the Coldfusion Administrator settings, I would be happy to provide them to you

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Feb 25, 2015 Feb 25, 2015
In Response To Deleted User

My suggestions:

Application.cfc

<cfcomponent output="false">

  <cfset THIS.name = "SECURE_WEBSITE_COM">

  <cfset THIS.sessionManagement = true>

  <cfset THIS.loginStorage = "session">

  <cfset THIS.applicationTimeout = "#createTimespan(1,0,0,0)#"> <!--- suggestion added --->

  <cfset THIS.sessionTimeout = "#createTimeSpan(0,0,20,0)#"> <!--- suggestion added --->

  <cffunction name="onRequestStart" returntype="boolean">

  <cfargument type="string" name="targetPage" required="true">

 

  <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->

  <cflocation url="/logout.cfm"> <!--- suggestion added --->

  </cfif>

  <cflogin>

      <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>

          <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">

          <cfset SESSION.user.id = 2880>

          <!--- I think the GetAuthUser() test is redundant. As we are now within the cflogin tag, it means this user is non-authorized anyway--->

        <!--- <cfelseif NOT Len(GetAuthUser())> ---> <!--- User has not logged in yet --->

      <cfelse> <!--- suggestion added --->

           <cfinclude template="/login.cfm">

          <cfabort>

      </cfif>

  </cflogin>

  <cfreturn true>

  </cffunction>

</cfcomponent>

logout.cfm

<cflogout>

You have logged out. <br>

<p><a href="login.cfm">Log in</a></p>

<cfabort>

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Feb 25, 2015 Feb 25, 2015
In Response To BKBK

Thanks again for your suggestions. I will try them out.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
coylo
Community Beginner ,
May 29, 2015 May 29, 2015
LATEST
In Response To Deleted User

i am having this exact same issue. did you ever get to the bottom of it?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices