Highlighted

CF 11 Unexpected Log Out

Community Beginner ,
Dec 19, 2014

Copy link to clipboard

Copied

We are experiencing an issue where our users are being intermittently logged out of the website. This issue seems to occur directly after the initial log in to the website. After a user logs in, they click a link, then are redirected to the login page again. We are upgrading from CF 9 to CF 11 and we were not seeing this issue in CF 9. There are two main things that I've noticed when this issue occurs. The GetAuthUser() call is returning an empty string (for the user that was logged in with cfloginuser) and part of the session has been removed (as if a structdelete was performed on a variable in the session struct).

Is anyone able to help with this problem?

Views

963

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

CF 11 Unexpected Log Out

Community Beginner ,
Dec 19, 2014

Copy link to clipboard

Copied

We are experiencing an issue where our users are being intermittently logged out of the website. This issue seems to occur directly after the initial log in to the website. After a user logs in, they click a link, then are redirected to the login page again. We are upgrading from CF 9 to CF 11 and we were not seeing this issue in CF 9. There are two main things that I've noticed when this issue occurs. The GetAuthUser() call is returning an empty string (for the user that was logged in with cfloginuser) and part of the session has been removed (as if a structdelete was performed on a variable in the session struct).

Is anyone able to help with this problem?

Views

964

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Dec 19, 2014 0
Adobe Community Professional ,
Dec 20, 2014

Copy link to clipboard

Copied

It could be anything. Session management is notoriously hard to code. Besides, the Coldfusion Team modified the session engine in Coldfusion 10.

I would start by ruling out any shortcoming in the code. Would you let us have a look at the relevant code?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2014 2
Community Beginner ,
Dec 20, 2014

Copy link to clipboard

Copied

Okay, I see there's an improved cflogin section, so maybe that has something to do with the problem. I'll read through this document.

Thanks for your response.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2014 0
Community Beginner ,
Feb 24, 2015

Copy link to clipboard

Copied

Hello BKBK,

We've tried a number of different solutions, but we're still experiencing the logout issue mentioned back in December. Do you have any other insight on this issue? You mentioned that you would like to see the code. Here it is:

Application.cfc:

<cfcomponent output="false">

  <cfset THIS.name = "SECURE_WEBSITE_COM">

  <cfset THIS.sessionManagement = true>

  <cfset THIS.loginStorage = "session">

  <cffunction name="onRequestStart" returntype="boolean">

  <cfargument type="string" name="targetPage" required="true">

  <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->

  <cflogout>

  </cfif>

  <cflogin>

  <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>

  <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">

  <cfset SESSION.user.id = 2880>

  <cfelseif NOT Len(GetAuthUser())> <!--- User has not logged in yet --->

  <cfinclude template="/login.cfm">

  <cfabort>

  </cfif>

  </cflogin>

  <cfreturn true>

  </cffunction>

</cfcomponent>

login.cfm

<cfparam name="importantMessage" default="">

<!doctype html>

<html>

<head>

<meta charset="utf-8">

<title>Log On</title>

</head>

<body>

  <div id="contentContainer">

  <div id="mainContent">

  <cfoutput>

  <cfset showQueryString = Len(CGI.QUERY_STRING) AND CompareNoCase(CGI.QUERY_STRING, "signout=yes") NEQ 0>

  <fieldset id="loginContainer">

  <legend>Sign In</legend>

  <form name="loginform" action="#cgi.script_name#<cfif showQueryString>?#EncodeForHTMLAttribute(CGI.QUERY_STRING)#</cfif>" method="post">

  <cfif Len(importantMessage)>

  <div class="message" id="successMessage"><cfoutput>#importantMessage#</cfoutput></div>

  </cfif>

  <div>

  <label>Email:</label>

  <input name="j_username" id="j_username" type="text"  maxlength="250"<cfif IsDefined("COOKIE.savedUserName")> value="<cfoutput>#LCase(COOKIE.savedUserName)#</cfoutput>"</cfif> title="Please enter your full email address in the form: name@abc.com">

  </div>

  <div>

  <label>Password:</label>

  <input name="j_password" id="j_password" type="password"  maxlength="250" title="Please enter your password" autocomplete="off">

  </div>

  <div>

  <input type="submit" name="submit" id="submit" value="Sign In">

  </div>

  </form>

  </fieldset>

  </cfoutput>

  </div>

  <cfinclude template="/global/footer.cfm">

</div>

</body>

</html>

Additional Information:

- Although this code is a modified version of our actual code, I have verified that the logout issue does happen with this exact code.

- This issue is happening on our https production server as well as our http local environments

- We are using Microsoft IIS Version 7.5 as our webserver

- If you think this is an issue with the Coldfusion Administrator settings, I would be happy to provide them to you

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 24, 2015 0
Adobe Community Professional ,
Feb 25, 2015

Copy link to clipboard

Copied

My suggestions:

Application.cfc

<cfcomponent output="false">

  <cfset THIS.name = "SECURE_WEBSITE_COM">

  <cfset THIS.sessionManagement = true>

  <cfset THIS.loginStorage = "session">

  <cfset THIS.applicationTimeout = "#createTimespan(1,0,0,0)#"> <!--- suggestion added --->

  <cfset THIS.sessionTimeout = "#createTimeSpan(0,0,20,0)#"> <!--- suggestion added --->

  <cffunction name="onRequestStart" returntype="boolean">

  <cfargument type="string" name="targetPage" required="true">

 

  <cfif StructKeyExists(URL, "signout")> <!--- Explicit logout --->

  <cflocation url="/logout.cfm"> <!--- suggestion added --->

  </cfif>

  <cflogin>

      <cfif IsDefined("cflogin.name") AND IsDefined("cflogin.password") AND Len(CFLOGIN.name) AND Len(CFLOGIN.password)>

          <cfloginuser name="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin">

          <cfset SESSION.user.id = 2880>

          <!--- I think the GetAuthUser() test is redundant. As we are now within the cflogin tag, it means this user is non-authorized anyway--->

        <!--- <cfelseif NOT Len(GetAuthUser())> ---> <!--- User has not logged in yet --->

      <cfelse> <!--- suggestion added --->

           <cfinclude template="/login.cfm">

          <cfabort>

      </cfif>

  </cflogin>

  <cfreturn true>

  </cffunction>

</cfcomponent>

logout.cfm

<cflogout>

You have logged out. <br>

<p><a href="login.cfm">Log in</a></p>

<cfabort>

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 25, 2015 1
Community Beginner ,
Feb 25, 2015

Copy link to clipboard

Copied

Thanks again for your suggestions. I will try them out.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 25, 2015 0
coylo LATEST
Community Beginner ,
May 29, 2015

Copy link to clipboard

Copied

i am having this exact same issue. did you ever get to the bottom of it?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 29, 2015 0