Page renders HTML after session timeout and reload, then renders correctly after a second reload

Report · Jun 22, 2025

If I leave my page long enough for the user login session to timeout, then reload the page, I get an HTML rendering of the page. Then if I reload it again, the page renders normally. It happens on at least two pages I have tested so far.

Firefox gives an engimatic error "SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data", but apart from that, nothing else. I don't know what it's looking at when it says "line 1".

Line 1 of the HTML itsef is:

<!DOCTYPE html>

Before I start deconstructing the page line by line till the error goes away, just wondering if anyone had come across any such thing before.

Report · Jun 23, 2025

The standard rendering of the response that reaches the browser is HTML. So I am confused by your distinction between "HTML" and "normal" rendering. Please explain what you mean by each.

Could it be that the expected response type is JSON, whereas the actual response is HTML? For example, ColdFusion might be overriding the response with an HTML error message (the error resulting from improper handling of the session timeout).

Report · Jun 23, 2025

Page displays HTML code instead of the rendered HTML. I'll have to look into your suggestion. Thanks.

Report · Jun 23, 2025

Thanks for clarifying. That confirms my guess.

The response is expected to be JSON, upon ColdFusion processing the reloaded request. But, as the request comes in when the session has timed out, this likely triggers an error. ColdFusion's error-handler then responds with HTML. In other words, ColdFusion has not yet had the chance to process the request.

When you again reload the page, ColdFusion starts a new session. As a result, ColdFusion processes the page as expected, returning JSON.

You could fix this by checking for a valid session at the beginning of every request. Here is a rough example which you can tailor to your needs:

Application.cfc

component {

    this.name = "MyApp";
    this.sessionManagement = true;
    this.applicationTimeout = createTimeSpan(1,0,0,0); // 1 day
    this.sessionTimeout = createTimeSpan(0,0,20,0); // 20 minutes

    boolean function onRequestStart(string targetPage) {

        // Pages that don't require session (e.g., login, assets)
        if (
            listFindNoCase("loginPage.cfm,index.cfm,myApp/menu.cfc", listLast(arguments.targetPage, "/")) OR
            findNoCase("/assets/", arguments.targetPage)
        ) {
            return true; // Allow request
        }

        // Check for user session
        if (!structKeyExists(session, "userLogin")) {

            // Detect AJAX request
            if (structKeyExists(cgi, "http_x_requested_with") and cgi.http_x_requested_with EQ "XMLHttpRequest") {
                // Return JSON session timeout
                cfheader(name="Content-Type", value="application/json");
                writeOutput(serializeJSON({error="sessionTimeout"}));
                return false; // Stop further processing
            } else {
                // For standard requests, redirect to login page
                location("/loginPage.cfm", false);
                return false; // Stop further processing
            }
        }

        // Session exists: continue normally
        return true;
    }
}

Report · Jun 23, 2025

Thanks for the suggestions. Regarding the code:

if (!structKeyExists(session, "userLogin")) {

            // Detect AJAX request
            if (structKeyExists(cgi, "http_x_requested_with") and cgi.http_x_requested_with EQ "XMLHttpRequest") {
                // Return JSON session timeout
                cfheader(name="Content-Type", value="application/json");
                writeOutput(serializeJSON({error="sessionTimeout"}));
                return false; // Stop further processing
            } else {
                // For standard requests, redirect to login page
                location("/loginPage.cfm", false);
                return false; // Stop further processing
            }
        }

I shoved that into the onRequestStart() and unfortunately it prevents submission of a login form, which uses ajax to process the form.

However, on tidying up my application.cfc, I noticed places where I was not returning false in applicable areas, which might have had an effect. I need to rush to work, but just wanted to update on my stumblings so far.

Report · Jun 23, 2025

BKBK, your suggestions got me on the right path and eventually found a solution. My application.cfc was a mess and took a while to tidy up. It had various bits of cool things from Ben Nadel etc around session handling, "remember me" cookies etc.

My problem was that a "rememberMe" cookie somehow got set (even though I don't remember clicking the "Remember Me" checkbox), and OnSessionStart() was automatically logging me in but then not redirecting anywhere. Once I redirected, everything was OK.

Report · Jun 24, 2025

@China-Buy_com , thanks for the update. It's nice to hear that the issue has been resolved.

Glad to have helped.

Report · Jun 23, 2025

While BKBK's hypothesis may prove true, and his suggested code may get you going, if somehow it does not, we could likely benefit from getting better diagnosis of what's going on. And while "deconstructing the page line by line till the error goes away" is a classic troubleshooting technique, I'd propose another should be more effective here.

Are you familiar with using your browser dev tools feature? It's available and works the same in each browser. Use its "network" tab to watch what's being sent back to your browser in each of your scenarios. You can also watch what requests are being made from your page...and it may be more than one, because some html elements call back to the server (whether for images, js or css files, and more).

Indeed, it seems pretty clear it's either getting or expecting json at one point. The network tab of the dev tools shows both each request made from the browser (including the url and what headers were sent, etc.) and then what response came back from that (whether html, json, some binary data, no data, etc.)

With such insight, it should be more clear what's going on. Even if all this is new to you as a diagnostic measure, it's worth your knowing (and taking a little time to learn,). In fact, I'll be mentioning it as one of many tools and techniques in a talk I'll give online tomorrow, "Debugging and Error Handling in ColdFusion", for Adobe's free "CF Dev Week" series. More at https://adobe-cold-fusion-developer-week-2025.meetus.adobeevents.com https://adobe-cold-fusion-developer-week-2025.meetus.adobeevents.com

Please confirm if you see this reply, since it's separate from the other reply thread with BKBK which appears first here. Hope it may help. (And while I could have waited to see how you may reply to his suggestions, I'd started on this before he offered his large code suggestion. I figured I'd send it along anyway, as it may well help future readers of this thread, even if you end up not needing to do further diagnosis.)

/Charlie (troubleshooter, carehart. org)

Report · Jun 23, 2025

Hi Charlie, Yes, dev tools was where I went first to find anything useful. I think I've resolved my issue. Will write an answer.

Page renders HTML after session timeout and reload, then renders correctly after a second reload

1 Correct answer