• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

J2EE session rotate query

Explorer ,
Sep 17, 2018 Sep 17, 2018

Copy link to clipboard

Copied

Hi,

I am trying to implement session rotation using the article at https://www.petefreitag.com/item/829.cfm

I have added the relevant code to onSessionStart and added the jeeSessionRotate function to a component which i call when the user has been successfully cleared to login. I have called the function immediatley before where I call sessionRotate(). Problem is im getting a "setAttribute: Session [844E2EA3A042B40B5EA2545FC43C07FA.cfusion] has already been invalidated"  error. Anyone know what I'm doing wrong here?

Thanks,

Paul

Views

1.0K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Community Expert , Sep 18, 2018 Sep 18, 2018

A user can only have one session at a time. The session is identified to the server by a session token. This is either a JSESSIONID cookie if you're using J2EE session variables, or CFID and CFTOKEN cookies if you're using "native" CF session variables. If you're trying to use both, that's not going to work, and you should only be rotating one type or the other, not both. It is possible to have both types of session tokens if you have multiple CF apps on the same server with different session to

...

Votes

Translate

Translate
Community Expert ,
Sep 18, 2018 Sep 18, 2018

Copy link to clipboard

Copied

paulm1677332  wrote

Hi,

I am trying to implement session rotation using the article at https://www.petefreitag.com/item/829.cfm

I have added the relevant code to onSessionStart and added the jeeSessionRotate function to a component which i call when the user has been successfully cleared to login. I have called the function immediatley before where I call sessionRotate().

The function jeeSessionRotate rotates the J2EE session. So you should not use sessionRotate afterwards.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Sep 18, 2018 Sep 18, 2018

Copy link to clipboard

Copied

Taking it out still produces the same error. I always had sessionRotate in the code so I thought i could just add in the jeeSessionRotate  after it and it wouldnt affect the other call. They affect different session variables don't they, so I would have thought theyd be ok together?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 18, 2018 Sep 18, 2018

Copy link to clipboard

Copied

A user can only have one session at a time. The session is identified to the server by a session token. This is either a JSESSIONID cookie if you're using J2EE session variables, or CFID and CFTOKEN cookies if you're using "native" CF session variables. If you're trying to use both, that's not going to work, and you should only be rotating one type or the other, not both. It is possible to have both types of session tokens if you have multiple CF apps on the same server with different session token types, but you wouldn't want one app to rotate the session token of another app.

Dave Watts, Fig Leaf Software

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Sep 19, 2018 Sep 19, 2018

Copy link to clipboard

Copied

LATEST

Ok that clears it up. Thanks Dave.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation