Advisor
,
Good morning,
We used CF2021 and we installed the lates update 17. Started having issues with our login system in one box losing the cfathentication session var.
I created a test login to trace the issue in the same box, because in other box works fine. The security team applied some stigs to the box lately and not sure if that is afecting the browser.
When user login the first time the cfauthentication is not showing.
Here is the application.cfc
<cfcomponent output="false" hint="I define the application settings and event handlers.">
<cfscript>
//Define the application settings.
this.clientManagement = false;
// define the cflogin storage
this.loginStorage = "session";
this.name = listLast(getDirectoryFromPath(getCurrentTemplatePath()), "\");
this.applicationTimeout = createTimeSpan( 0, 0, 0, 10 );
this.sessionManagement = true;
this.sessionTimeout = createTimeSpan( 0, 0, 5, 0 );
this.setClientCookies = true;
this.secureJSONPrefix = "";
</cfscript>
<!--- Define the request settings. --->
<cfsetting showdebugoutput="false"/>
<cffunction name="onApplicationStart" access="public" returntype="boolean" output="false" hint="I initialize the application.">
<cfscript>
// root and upload folder
application.root_folder = this.name;
application.upload_folder = Left(getDirectoryFromPath(getBaseTemplatePath()), FindNoCase('\', getDirectoryFromPath(getBaseTemplatePath()), FindNoCase(application.root_folder, getDirectoryFromPath(getBaseTemplatePath())))) & "UPLOAD_" & uCase(this.name);
application.absolute_folder = Left(getDirectoryFromPath(getBaseTemplatePath()), FindNoCase('\', getDirectoryFromPath(getBaseTemplatePath()), FindNoCase(application.root_folder, getDirectoryFromPath(getBaseTemplatePath()))));
</cfscript>
<!--- Initialize the application settings. --->
<cfset application.dateInitialized = now() />
<cfset application.debug = debug />
<cfset application.sqlRegEx = "<[^>]*>|insert|select|delete|update|create|drop|alter|&|%|" />
<!--- Return true so that the page can load. --->
<cfreturn true />
</cffunction>
<cffunction name="onApplicationEnd" output="no" returnType="void">
<cfargument name="applicationScope" required="true" />
</cffunction>
<cffunction name="onRequestStart" output="true" returnType="boolean">
<cfargument name="thePage" type="string" required="true" />
<cfif NOT isDefined("session.loggedIn")>
<cfset session.loggedIn = false />
</cfif>
<cfreturn true />
</cffunction>
<cffunction name="onSessionStart" access="public" returntype="void" output="false" hint="I initialize the session.">
<!--- Initialize the session settings. --->
<cfset session.dateInitialized = now() />
<cfset session.id = createUuid() />
<cfif NOT isDefined("session.loggedIn")>
<cfset session.loggedIn = false />
</cfif>
<!--- Return out. --->
<cfreturn />
</cffunction>
<cffunction name="onRequest" returnType="void">
<cfargument name="thePage" type="string" required="true" />
<!--- <cfset applicationStop() /> --->
<cflogin applicationtoken="#this.name#" idletimeout="#this.sessionTimeout#">
<cfif (isDefined("form.j_username") and len(trim(form.j_username)) GT 0 and isDefined("form.j_password") and len(trim(form.j_password)) GT 0)>
<!--- check for SQL injection and script since log in form is semi-public --->
<cfset cflogin.name = REReplaceNocase("#trim(cflogin.name)#", application.sqlRegEX, "", "ALL") />
<cfset cflogin.password = REReplaceNocase("#trim(cflogin.password)#", application.sqlRegEX, "", "ALL") />
<cfif authenticateUser(cflogin.name, cflogin.password)>
<cfset session.loggedIn = true />
<cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="SUPER USER">
<cfelse>
<cfset variables.loginError = "Username and/or Password is Invalid." />
</cfif> <!--- END IF: authenticateUser() --->
</cfif>
<!--- <cfset application.debug(session)/><cfabort> --->
<cfif isDefined("session.loggedIn") AND NOT session.loggedIn>
<cfinclude template="login.cfm" />
<cfabort />
<cfelse>
<cfinclude template="index.cfm" />
</cfif>
</cflogin>
</cffunction>
<cffunction name="authenticateUser" output="no" returntype="boolean">
<cfargument name="userName" required="yes" type="string" />
<cfargument name="passWord" required="yes" type="string" />
<cfset var returnValue = FALSE />
<cfset var qryAuthUser = "" />
<cfquery name="qryAuthUser" datasource="myDatabase">
SELECT *
FROM users u
WHERE u.user_id = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#trim(arguments.userName)#" />
AND u.user_password = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#hash(trim(arguments.passWord))#" />
</cfquery>
<cfif qryAuthUser.recordCount eq 1>
<cfset returnValue = TRUE />
</cfif>
<cfreturn returnValue />
</cffunction>
<cffunction name="debug" access="public" output="true" returntype="void">
<cfargument name="input" required="No" default="" />
<cfset var debugFile = '#application.absolute_folder#debug.cfm' />
<cfset var debugInfo = "" />
<cfsavecontent variable="debugInfo">
<p><strong>DEBUGGING</strong>: <cfoutput> #dateFormat(now(),'mm/dd/yyyy')# #timeFormat(now(), 'HH:mm:ss tt')# </cfoutput><br>
<cfdump var="#arguments.input#" label="custom" format="html">
<cfdump var="#form#" label="form" format="html">
<cfdump var="#url#" label="url" format="html">
<cfdump var="#cgi#" label="cgi" format="html">
<cfdump var="#application#" label="application" format="html">
</cfsavecontent>
<cffile action="WRITE" file="#debugFile#" output="#debugInfo#" />
</cffunction>
</cfcomponent>
And login.cfm
<!DOCTYPE html>
<cfsilent>
<cfparam name="session.lastLoginDate" default="" type="string">
<cfparam name="variables.user_id" default="" type="string">
<cfparam name="FORM.j_username" type="string" default="" />
<cfparam name="FORM.j_password" type="string" default="" />
</cfsilent>
<!--- <cfset application.debug(session)/><cfabort>--->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title><cfoutput>Test Site</cfoutput></title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=10, user-scalable=yes">
</head>
<body>
<h1>
Application Login
</h1>
<form action="#CGI.script_name#" method="post">
<label>
Username:
<input type="text" name="j_username" size="20" />
</label>
<br />
<br />
<label>
Password:
<input type="password" name="j_password" size="20" />
</label>
<br />
<br />
<input type="submit" value="Login" />
</form>
</body>
</html>and the Index.cfm
<cfoutput>
<cfset application.debug(session)/>
<cfif isDefined("session.loggedIn") and session.loggedIn >
<h1>We are in </h1>
</cfif>
<h1>
Application And Session Overview
</h1>
<p>
Application initialized:
#dateDiff(
"s",
application.dateInitialized,
now()
)#
seconds ago.
</p>
<p>
Session initialized:
#dateDiff(
"s",
session.dateInitialized,
now()
)#
seconds ago.
</p>
</cfoutput>The first time I do the login the session var cfathentication is not showing
If I refresh the browser the session var shows.
What am I doing wrong? Any ideas?
Thanks in advanced.
Johnny
33
Replies
33
33
Replies
jfb00
AUTHOR
Advisor
,
"Your code is much improved, and should work. The problem you are getting with getAuthUser() is unlikely to be related to any ColdFusion settings or fixes. "
Based on this I decided to uninstall CF becuase I already tried to revert the 17 update. I am getting this error:
I check the jvm.cfg file in C:\ColdFusion2021\jre\lib\ and show this:
-server KNOWN
-client IGNORE
Is there a way to fix this error and unstall CF ?
Thanks, Johnny
Resources
Documentation
AdChoices