• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

J2EE Session rotation query

Participant ,
May 13, 2020 May 13, 2020

Copy link to clipboard

Copied

Hi,

 

I have Use J2EE session variables enabled on my server and now want to rotate the corresponding jessionid on login. I used to rotate the inbuilt coldfusion session variables using sessionRotate but now have no need so replaced this in my code with jeeSessionRotate (https://www.petefreitag.com/item/829.cfm). 

 

I have also added the relevant code in onSessionStart but I keep getting an error a few lines after calling jeeSessionRotate. The error happens when I try and set some session variable and I get an "set attribute... session has already been invalidated" error because its trying to use the previous session. I assume the code in onSessionStart would cater for this. Am I missing something along the line here? I'm calling jeeSessionRotate on successful login and later on in that file i'm setting some variables.

 

Seems from the post that all required was to create the new function and add the code to onSessionStart and it should work. Anyone any ideas?

 

Thanks

 

Views

1.4K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Participant , May 21, 2020 May 21, 2020

Hi,

 

Yes that worked. Thought I might have been able to get it working all from the 1 page but calling onSessionStart directly or creating a new function with the code from onSessionStart and calling that directly after the rotate also didnt work. Sending it to the new page did the job.

 

Thanks

Votes

Translate

Translate
Community Expert ,
May 17, 2020 May 17, 2020

Copy link to clipboard

Copied

An idea.

You're perhaps getting an error because, even though the old session has been invalidated, it is still in effect in the current page. So, if a line of code writes to the session scope, ColdFusion will attempt to write to the invalidated session.

 

You therefore have to initiate the new session directly after session rotation. That is, before any line of code that writes to session. One way to do this is by starting a new request to a CFM page.

 

Start by copying all the code that comes after the call jeeSessionRotate() from the login page to a new page, postLogin.cfm. The pseudocode follows.

 

login.cfm

<!--- Login code --->

<!--- Code that invokes the function jeeSessionRotate()  --->

<cflocation url="postLogin.cfm">

 

postLogin.cfm

<!--- Code that comes after jeeSessionRotate() in the previous login page --->

 

In this way, the new session will be in effect on the page postLogin.cfm.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
May 21, 2020 May 21, 2020

Copy link to clipboard

Copied

Hi,

 

Yes that worked. Thought I might have been able to get it working all from the 1 page but calling onSessionStart directly or creating a new function with the code from onSessionStart and calling that directly after the rotate also didnt work. Sending it to the new page did the job.

 

Thanks

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 17, 2020 May 17, 2020

Copy link to clipboard

Copied

Paul, I think you'd be wise to add a comment on Pete's post, either asking the same question or (perhaps better) pointing to this, not only to get Pete's attention but also that of others who may have used that function.

 

And since it's a post from 2014 and talking about cf10 (cf11 came out in 2014 also), perhaps things have changed, either in those (per updates) or in cf2016 or 2018, so you may want to clarify also which you're using, to better help those who may want to help you. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
May 21, 2020 May 21, 2020

Copy link to clipboard

Copied

LATEST

Hi Charlie,

 

Thanks for that. I did see some comments on Petes article but hadn't seen any recent replies so I didn't think he was replying. BKBK's way worked, I just thought the J2EE session rotation would have worked similiarly to the sessionRotate function and not required alterations to my login process.

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation