
CF 11 Unexpected Log Out

Guest
Dec 19, 2014

We are experiencing an issue where our users are being intermittently logged out of the website. This issue seems to occur directly after the initial log in to the website. After a user logs in, they click a link, then are redirected to the login page again. We are upgrading from CF 9 to CF 11 and we were not seeing this issue in CF 9. There are two main things that I've noticed when this issue occurs. The GetAuthUser() call is returning an empty string (for the user that was logged in with cfloginuser) and part of the session has been removed (as if a structdelete was performed on a variable in the session struct).

Is anyone able to help with this problem?

Community Expert
Dec 20, 2014

It could be anything. Session management is notoriously hard to code. Besides, the ColdFusion Team modified the session engine in ColdFusion 10.

I would start by ruling out any shortcoming in the code. Would you let us have a look at the relevant code?

Guest
Dec 20, 2014

Okay, I see there's an improved cflogin section, so maybe that has something to do with the problem. I'll read through this document.

Thanks for your response.

Guest
Feb 24, 2015

Hello BKBK,

We've tried a number of different solutions, but we're still experiencing the logout issue mentioned back in December. Do you have any other insight on this issue? You mentioned that you would like to see the code. Here it is:

Application.cfc:

<cfcomponent output="false">
  <cfset THIS.name = "SECURE_WEBSITE_COM">
  <cfset THIS.sessionManagement = true>
  <cfset THIS.loginStorage = "session">

  <cffunction name="onRequestStart" returntype="boolean">
    <cfargument type="string" name="targetPage" required="true">

    <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->
      <cflogout>
    </cfif>

    <cflogin>
      <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>
        <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">
        <cfset SESSION.user.id = 2880>
      <cfelseif NOT Len(GetAuthUser())> <!--- User has not logged in yet --->
        <cfinclude template="/login.cfm">
        <cfabort>
      </cfif>
    </cflogin>

    <cfreturn true>
  </cffunction>
</cfcomponent>

login.cfm

<cfparam name="importantMessage" default="">
<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <title>Log On</title>
</head>
<body>
  <div id="contentContainer">
    <div id="mainContent">
      <cfoutput>
        <cfset showQueryString = Len(CGI.QUERY_STRING) AND CompareNoCase(CGI.QUERY_STRING, "signout=yes") NEQ 0>
        <fieldset id="loginContainer">
          <legend>Sign In</legend>
          <form name="loginform" action="#cgi.script_name#<cfif showQueryString>?#EncodeForHTMLAttribute(CGI.QUERY_STRING)#</cfif>" method="post">
            <cfif Len(importantMessage)>
              <div class="message" id="successMessage"><cfoutput>#importantMessage#</cfoutput></div>
            </cfif>
            <div>
              <label>Email:</label>
              <input name="j_username" id="j_username" type="text" maxlength="250"<cfif IsDefined("COOKIE.savedUserName")> value="<cfoutput>#LCase(COOKIE.savedUserName)#</cfoutput>"</cfif> title="Please enter your full email address in the form: name@abc.com">
            </div>
            <div>
              <label>Password:</label>
              <input name="j_password" id="j_password" type="password" maxlength="250" title="Please enter your password" autocomplete="off">
            </div>
            <div>
              <input type="submit" name="submit" id="submit" value="Sign In">
            </div>
          </form>
        </fieldset>
      </cfoutput>
    </div>
    <cfinclude template="/global/footer.cfm">
  </div>
</body>
</html>

Additional Information:

- Although this code is a modified version of our actual code, I have verified that the logout issue does happen with this exact code.
- This issue is happening on our https production server as well as our http local environments.
- We are using Microsoft IIS Version 7.5 as our webserver.
- If you think this is an issue with the ColdFusion Administrator settings, I would be happy to provide them to you.

Community Expert
Feb 25, 2015

My suggestions:

Application.cfc

<cfcomponent output="false">
  <cfset THIS.name = "SECURE_WEBSITE_COM">
  <cfset THIS.sessionManagement = true>
  <cfset THIS.loginStorage = "session">
  <cfset THIS.applicationTimeout = "#createTimespan(1,0,0,0)#"> <!--- suggestion added --->
  <cfset THIS.sessionTimeout = "#createTimeSpan(0,0,20,0)#"> <!--- suggestion added --->

  <cffunction name="onRequestStart" returntype="boolean">
    <cfargument type="string" name="targetPage" required="true">

    <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->
      <cflocation url="/logout.cfm"> <!--- suggestion added --->
    </cfif>

    <cflogin>
      <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>
        <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">
        <cfset SESSION.user.id = 2880>
        <!--- I think the GetAuthUser() test is redundant. As we are now within the cflogin tag, it means this user is non-authorized anyway --->
        <!--- <cfelseif NOT Len(GetAuthUser())> ---> <!--- User has not logged in yet --->
      <cfelse> <!--- suggestion added --->
        <cfinclude template="/login.cfm">
        <cfabort>
      </cfif>
    </cflogin>

    <cfreturn true>
  </cffunction>
</cfcomponent>

logout.cfm

<cflogout>
You have logged out. <br>
<p><a href="login.cfm">Log in</a></p>
<cfabort>

Guest
Feb 25, 2015

Thanks again for your suggestions. I will try them out.

Community Beginner
May 29, 2015

I am having this exact same issue. Did you ever get to the bottom of it?

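One way to record the two symptoms described in the original question (an empty GetAuthUser() and keys missing from the session struct) on every request, so the request on which the state changes can be identified. This is an added example, not code from any participant in the thread; the function name traceAuthState and the log name "authtrace" are assumptions.

```cfml
<!--- Added diagnostic, not from the thread. Place in Application.cfc beside onRequestStart.
      traceAuthState and the "authtrace" log name are hypothetical names chosen for this example. --->
<cffunction name="traceAuthState" access="private" returntype="void" output="false">
  <cfargument name="stage" type="string" required="true">
  <cfset var sid = "(none)">
  <cfset var sessionKeys = "">
  <cfset var sentCookies = "">
  <cfset var cookieName = "">
  <cfset var authUser = "">

  <!--- Snapshot the session under a read lock so the trace is consistent --->
  <cflock scope="session" type="readonly" timeout="5">
    <cfif StructKeyExists(SESSION, "sessionid")>
      <cfset sid = SESSION.sessionid>
    </cfif>
    <!--- Key names only, never values --->
    <cfset sessionKeys = StructKeyList(SESSION)>
  </cflock>

  <!--- Note which session-tracking cookies the browser sent; never log their values --->
  <cfloop list="CFID,CFTOKEN,JSESSIONID" index="cookieName">
    <cfif StructKeyExists(COOKIE, cookieName)>
      <cfset sentCookies = ListAppend(sentCookies, cookieName)>
    </cfif>
  </cfloop>

  <!--- The login name is user input: strip control characters so it cannot forge log lines --->
  <cfset authUser = REReplace(GetAuthUser(), "[[:cntrl:]]", "", "all")>

  <!--- Log a truncated hash of the session id: enough to see it change,
        but not a value that can be replayed as a session token --->
  <cflog file="authtrace" type="information"
         text="stage=#ARGUMENTS.stage# page=#CGI.SCRIPT_NAME# sid=#Left(Hash(sid, 'SHA-256'), 12)# authUser=[#authUser#] hasSessionUser=#StructKeyExists(SESSION, 'user')# sessionKeys=[#sessionKeys#] cookies=[#sentCookies#]">
</cffunction>

<!--- Call sites inside onRequestStart:
        <cfset traceAuthState("start")>        as the first statement
        <cfset traceAuthState("afterLogin")>   directly after the closing cflogin tag
--->
```

When reading the log, a sid value that differs between two consecutive requests from the same browser means a new session was issued, while an unchanged sid with an empty authUser and hasSessionUser turning false means the session survived but lost its login state.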