Skip to main content
C
CFmonger
Inspiring
March 30, 2009
Question

session scope issue.

  • March 30, 2009
  • 1 reply
  • 1407 views
Hello;
I created a log in system for a sub directory in my web site. I have the directory locked down using an application.cfc file, it also takes orders from the application.cfc file in the main directory.

I think I set my session variables properly when the user logs into the app. But when I try and add a tag to lock something out, it says my session is not defined in the session scope.

I am trying to make tags the will take out elements if you do not have admin access. This is shown by a checkbox in the database, or in access it is a yes/no field. I have tags that if it eq True it does one thing. and those work, but they do not run on the session scope.

The best thing I think I can do is to show you how my session scope is set up. there are different kinds.

1. is just the session you get as just any user who surfs the web.
2. is the back end user who is either an admin or not.

application.cfc in main directory:
<cfscript>
THIS.name = "my web";
THIS.sessionManagement=true;
THIS.clientManagement=true;
THIS.applicationTimeout = createTimeSpan(0,0,20,0);
THIS.sessionTimeout = createTimeSpan(0,0,20,0);
</cfscript>

<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset CLIENT.cfid = SESSION.cfid>
<cfset CLIENT.cftoken = SESSION.cftoken>
<!--- I have some other things in here for tracking and page views and so on --->
</cffunction>

Application.cfc in sub directory:

<cffunction name="OnRequestStart" output="false" returntype="string">
<cfif NOT isDefined("SESSION.auth.isLoggedIn")>
<cflocation url="../sitemanager.cfm" addtoken="no">
<cfabort>
<cfelseif isDefined("FORM.UserLogin")>
<cfinclude template="../LoginCheck.cfm">
<cfreturn true>
</cfif>
</cffunction>

<cffunction name="onSessionStart" returntype="any" output="true">
<cfset SESSION.created = now()>
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = SESSION.auth.id>
<cfset SESSION.auth.Fname = SESSION.auth.Fname>
<cfset SESSION.auth.Lname = SESSION.auth.Lname>
<cfset SESSION.auth.isAdminstrator = SESSION.auth.isAdminstrator>
</cffunction>

and I set off the sessions with my login page:

<CFQUERY NAME="IsValidLogin" datasource="#APPLICATION.dataSource#">
SELECT user.Fname, user.Lname
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
</CFQUERY>
<CFQUERY NAME="IsValidUser" datasource="#APPLICATION.dataSource#">
SELECT user.id, user.Fname, user.Lname, user.admin
FROM user
WHERE userName =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userLogin#">
AND password =<cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.userPassword#">
</CFQUERY>

<cfif IsValidUser.recordcount eq 1>
<cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.id = IsValidUser.id>
<cfset SESSION.auth.Fname = IsValidUser.Fname>
<cfset SESSION.auth.Lname = IsValidUser.Lname>
<cfset SESSION.auth.isAdminstrator = IsValidUser.admin>
</cflock>

so there are 3 pages control the session in this app so far. I thought I had them defined, I have some tags working using thee variables.

this works:
<cfif isDefined("SESSION.auth.Fname")>
Hello #SESSION.auth.Fname#!
</cfif>

and this doesn't:
<cfif SESSION.auth.isAdminstrator EQ "True">
you get this if you are an admin. if you are not an admin, it does not appear at all
</cfif>

this is the error I get:
Element AUTH.ISADMINSTRATOR is undefined in SESSION.
The error occurred on line 134.


Is there a way to write this or a form of this tag?

Thanks

So is it my tag that isn't working?
This topic has been closed for replies.

1 reply

N
Newsgroup_User
Inspiring
March 30, 2009
CFmonger wrote:
>
> So is it my tag that isn't working?
>

Does the code running in this sub directory belong the the same
'application' as ColdFusion sees it as the main code?

How ColdFusion handles state variables from request to request is a
complex dance involving cookies named cfid and cftoken and the
application name set with either a <cfapplication name=""...> tag or a
this.name="" parameter in an Application.cfc.

The thrust if this is that if any of these values change it is a whole
new set of data separate from any data that came before.

You can test this by checking this simple output in different parts of
you application and see if they are all the same or if there are
differences.

<cfoutput>
#appplication.appplicationName#<br/>
#session.cfid#<br/>
#session.cftoken#<br/>
</cfoutput>
N
Newsgroup_User
Inspiring
March 30, 2009
CFmonger wrote:
>
> Can anyone help me figure out how to get this to go off when admin is defined
> in user table of the db.
>


You gave no hint on if you ran the experiment I suggested.

Please show the top section of both Application.cfc code files, i.e. the
pseudo constructors.
N
Newsgroup_User
Inspiring
March 30, 2009
Ok, that all looks fine.

Now have you tried a simple dump of session to see what data is there
that my give a hint to what is going wrong.

<cfdump var="#session#"> on the offending page.

P.S. If you are on a hosting plan using ColdFusion 8 then you no longer
need the proxyApplication. That is a work around for hosting providers
where one does not have access to making a mapping. Which is a pretty
poor hosting provider that can not make a mapping for you, but it does
happen. But with CF8, you can make your own mappings in your
Application.cfc thus no longer need access to the ColdFusion
Administrator to make them.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices