• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

ColdFusion 11 Throws Error Session Variable Undefined, When in fact it is Defined as shown by CFDump.

Guest
Sep 27, 2014 Sep 27, 2014

Copy link to clipboard

Copied

I've been having a particularly annoying error with ColdFusion 11, and unable to track down the source of this problem.

Basically There are a few variables defined in the session scope we check with isdefined a few lines above to make sure they are defined. Subsequent lines may or may not throw a #variablename# is undefined on random lines.

What can I do to fix this issue? Is this a known bug?

Views

5.4K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 28, 2014 Sep 28, 2014

Copy link to clipboard

Copied

I am unaware of such a session issue. Could you show us a code sample?

Make sure your isDefined test applies to all the session variables? That is, your test should be equivalent to the following

<cfif isDefined("session.var1") and isDefined("session.var2") and isDefined("session.var3") etc>

<!--- session.var1, session.var2, session.var3, ... all exist --->

</cfif>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Sep 29, 2014 Sep 29, 2014

Copy link to clipboard

Copied

I am doing isDefined checks for relevant variables when neccessary. The problem is not that the code errors out undefined ... it's that the variable is actually defined and errors out undefined.


As a simplified example;

Login.cfm Form supplies form.username and form.password to login_action.cfm then redirects to index.cfm after succesful LDAP authentication. I will not include all lines as it would be too long.

Login_action.cfm

<cfinclude template="ldap.cfm">

<!--- LDAP login code goes here; checks if credential's supplied are valid and sets variable #logged_in# ... --->

<cftry>

    <cfif isdefined("logged_in") and logged_in>

        <!--- Create Session User Structure and Default Profile --->

        <cfset session.user=StructNew()>

        <cfset session.user.username=form.username>

        <cfset session.user.firstname="">

        <cfset session.user.surname="">

        <cfset session.user.email="">

        <!--- Pull in additional Details --->

        <cfquery name="qDetails" datasource="userdetails">

        SELECT firstname,surname,email FROM Profiles

        WHERE username = '#session.user.username#'

        </cfquery>

        <cfif isdefined("qDetails") and qDetails.recordcount>

            <cfoutput query="qDetails">

            <cfset session.user.firstname ="#qDetails.firstname#">

            <cfset session.user.surname="#qDetails.surname#">

            <cfset session.user.email="#qDetails.email#">

            </cfouput>

        </cfif>

    <cfelse>

        <!--- Throw Error back to login page --->

        <cfthrow message="1" type="Custom_Security" ErrorCode="Fail">

    </cfif>

    <cfcatch type="any">

        <!--- Throw Error back to login page --->

        <cfthrow message="2" type="Custom_Security" ErrorCode="Fail">

    </cfcatch>

</cftry>

<!--- Redirect User to login page after Successful Login --->

<cflocation url="index.cfm">

Index.cfm

<!--- At Top of Index session.user.email always exists, in the event it is undefined it will be set to "" --->

<cfparam name="session.user.email" default="">

<!--- Lots of lines of code above here build HTML page etc <cfoutput> references to #session.user.email# and other session vars --->

<!--- Example pull some more information this line may or may not error... --->

<cfquery name="qUserInformation" datasource="userdetails">

SELECT * FROM Information

WHERE user_email = '#session.user.email#'

ORDER BY SomeOtherColumn

</CFQUERY>

<!--- Example point where a session error can be generated less than 2 lines above it has just finished getting information using session.user.email --->

<cfquery name="qUserGroups" datasource="userdetails">

SELECT * FROM Groups

WHERE user_email = '#session.user.email#'

ORDER BY SomeColumn

</CFQUERY>

<!--- Some other common examples require cfscript - and throw errors; above lines may not ... --->

<cfscript>

oHomePage=CreateObject("component","site_components.homepage");

qNews=oHomePage.getNews("#session.user.category#");

</cfscript>

<!--- More lines to do with HTML Footer etc <cfoutput> more stuff --->

in the wwwroot the Application.cfm handles all errors generated during rendering of the page, which includes generating a cfdump of the session scope.

When I get the Error Log I can see in the cfcatch cfdump the error... Element USER.EMAIL UnDefined in SESSION.

struct

Browser

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

DateTime

{ts '2014-09-28 11:38:48'}

Diagnostics

Element USER.EMAIL is undefined in SESSION. <br>The error occurred on line 15.

However when I check the SESSION scope which is also dumped ... It is defined!

struct

user

struct

COLOR

cccccc

EMAIL

myemail@example.com

FIRSTNAME

Example

SURNAME

Surname

EXAMPLE1

1

TEMPLATE

template14

TEMPLATE_DETAILS

0

What is causing this strange and irratic behaviour? The problem is so far I cannot replicate the issue. It is intermittant. The issue only started after upgrading to ColdFusion 11. This code has worked flawlessly for years on CF8.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 29, 2014 Sep 29, 2014

Copy link to clipboard

Copied

Clearly, if logged_in is undefined in the context of  login_action.cfm, then session.user.email will be undefined. The 2 relevant questions are: where is the cfcatch cfdump you talk about and where do you dump the session?

How does does your cfapplication tag look like? You have to enable session management properly. Otherwise Coldfusion may create a new session at every request.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

Hi Bkbk,

Thanks for taking the time to respond. You are correct if logged_in is undefined the session will not get created and the user will not be logged in. If this was a code error why does this problem not occur in ColdFusion 8, 9 or 10?

The issue occurs some time after a user has successfully logged in and the session scope has already been created.

It's not a normal undefined error because the variable is clearly defined in the error log. I can see all the relevant variables at the time of the error event. As you can imagine this is quite the puzzle! It appears more like a ColdFusion bug introduced in the new version.

Session  management is enabled. The application.cfm redirects all ColdFusion errors to a custom error page which dumps common variables which are useful for debugging like Session, CGI, Application etc and includes it in an email for debugging.

Here's the relevant code from application.cfm

<CFERROR TYPE="EXCEPTION" EXCEPTION="ANY" TEMPLATE="login/custom_error.cfm">

<cferror type="REQUEST" template="login/request_error.cfm">

<cfsetting enablecfoutputonly=true>

<!---enable session management--->

<cfset theTimeout = CreateTimespan(0,2,0,0)>

<cfapplication name="example" sessionmanagement="Yes" setclientcookies="Yes" sessiontimeout="#theTimeout#">

      <cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>

        <cfset cfid_local=Cookie.CFID>

        <cfset cftoken_local=Cookie.CFTOKEN>

        <cfcookie name="CFID" value="#cfid_local#">

        <cfcookie name="CFTOKEN" value="#cftoken_local#">

     </cfif>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

It may or may not be relevant but, for completeness, add the attribute applicationTimeout = "#createTimespan(1,0,0,0)#" . Also place the cferror tags underneath the cfapplication tag.

Your code looks fine so far. However, I have some questions. There are 2 occurrences of '#session.user.email#' in index.cfm. You seem to say that the second one caused the error. Is that so?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

Hi BKBK, Thanks for the suggestion. Something to try at least. I'm open to solving this problem programatically. I've tried using cfparam and cflock around specific sections where session variables are read. It hasn't really done anything so far.

That's good. No problem. There are a lot of references to variables in the index.cfm page (About 1100 lines of code).

There are cfincludes as well as function calls and structures being referenced from cfscripts. Under Session.user there are at least 50 different variables some with arrays of information as well.

Unfortunately It's not specific to #session.user.email#, it is however more common. all of the defined-undefined errors are related to #session.user.xyz# though.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

In debugging this, it is vital to know the page and, especially, the line number where the error occurs.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Dec 07, 2015 Dec 07, 2015

Copy link to clipboard

Copied

Hi BKBK, I know it's been a while since I've looked into this. Thank you for your patience. Unfortunately the line number generated is random and not consistent so It's a difficult error to debug, I can't give you one particular line to check as it can occur at any session variable reference in the script.

I have discovered a correlation with the session errors and the login action page which gets called after the login post event. This is interesting as CF9 does not display the same behavior when dealing with session variables.

I am obviously not going to downgrade to CF9 due to security and code implications.

I believe what is happening with the session variables is to do with execution path when multiple sessions are created in quick succession. I am unsure how to reference this variable scope peculiarity to detect and reference it programmatically. I can reproduce the error after quick successive logins (Example user hits login button twice, like double click submit), I've managed to curb this particular error being generated by applying a client side script (jQuery) to disable the login button straight after a successful validation of the form input boxes.

This has worked to almost eliminate the cause of these rogue session errors.

As the previous session is invalidated and no longer relates to the browser session, I believe this is what generates the error from the previous HTTP post. The user does not actually see any error as there is no callback from the browser, as it has already received the second post action, this second post completes as normal and the error is generated from the first action.

I am not sure how to proceed with this at this stage. Open to suggestions! I think this is a bug with the session variable reference, something like an invalidated handle to the variable scope?

If I check for the variable using the cfcatch diagnostic message variable using an evaluated string reference in the error handling routine custom_error.cfm, I can actually detect whether the session variable which generated the error undefined is defined in the session scope. This is the weirdness which during normal debugging should not be the case. an error generated for a session variable not being defined should remain undefined while the error log is generated.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Dec 08, 2015 Dec 08, 2015

Copy link to clipboard

Copied

Let's put the matter to rest. Could you show us the relevant pages: Application.cfc, login page, index.cfm and so on.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
May 04, 2016 May 04, 2016

Copy link to clipboard

Copied

LATEST

Did you ever find an actual solution to this problem?  I'm having a very similar problem but in CF9 and with a Request variable instead of a session variable.  It's driving me crazy.  It's the exact same symptoms though, it errors saying it's undefined and then the dump in my error handler shows it clearly defined.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Sep 29, 2014 Sep 29, 2014

Copy link to clipboard

Copied

Hi everyone,

I've got a similar problem. The browser loses the session vars on a new page request. But this error occures only in some Internet Explorer installations and it doesn't matter which Version. I'm testing with IE11 and the error occures, a colleque also uses the IE11 and it works fine same Version, same OS. Our customers using IE8 and some of them it works some not. We are using CF11 with WinServ 2012.

Thanks for help

Dirk

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 29, 2014 Sep 29, 2014

Copy link to clipboard

Copied

We should first rule out coding errors. Errors involving the use of session to control flow during the login process can be very subtle indeed.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation