Re-setting session variables

Community Beginner, Jun 03, 2015


I'm developing an app in CF10. It's been determined that this app will be opened through a link that is created in a .NET app.

Users need to log in and log out through the .NET app. To see the link, users need to log in; my CF app then opens once they click that link, so there is no login/logout requirement in my CF app.

The link passes a user ID through the URL; I need to use url.userid to create CF session.userid.

So I created the session user id in onSessionStart in application.cfc :

<cfset session.userid = #Trim(URL.userid)#>

The problem is, when I log out and log back in as a different user, my previous session.userid still exists. So I have two different session.userids.

In order to avoid this I thought I could do the following in onSessionStart in my application.cfc:

<cfset sessionInvalidate() />

<cfset session.userid = #Trim(URL.userid)#>

Since every time the application starts CF has to go through application.cfc first, my thought was that the sessionInvalidate function would run first, destroy all the existing sessions, and then I could create a new session.

But in my test, unfortunately, this approach does not help! I still get the older session and the new session is not created!

Am I doing it wrong????

Re-setting the session is the only way I can stop the build-up of new sessions every time I log out and log in as a different user from the same computer. But is this not possible? Or should I do it in index.cfm instead of in onSessionStart in application.cfc?

Adobe Community Professional, Jun 07, 2015


Implementing authentication is the obvious way to have greater control of sessions in your ColdFusion application. However, recall that authentication is done in the .NET application, not in the ColdFusion application.

So all the login, logout, session-start, session-end, etc. processes that you mention are more relevant to the .NET application than to the ColdFusion application. ColdFusion need not respond to all the authentication events in another application server. In other words, giving the user a new value of session.userID does not necessarily mean starting a new ColdFusion session.

Let us then follow the process within the ColdFusion application. The user comes in via a link. It is therefore sufficient to start the process at the level of a request, rather than a session. Something like this is sufficient:

Application.cfc

<cffunction name="onRequestStart">
    <cfargument name="targetPage" type="String" required="true">

    <cfif NOT isDefined("URL.userID") and NOT isDefined("session.userID")>
        <!--- User not logged in on .NET application --->
        <cfinclude template="loginRequired.cfm">
        <cfabort>
    <cfelseif isDefined("URL.userID") and NOT isDefined("session.userID")>
        <!--- User has come in without previous session.userID --->
        <!--- Set session.userID --->
        <cfset session.userID = trim(URL.userID)>
    <cfelseif isDefined("URL.userID") and isDefined("session.userID") and session.userID is not trim(URL.userID)>
        <!--- User has returned with different userID --->
        <!--- Reset userID to new value --->
        <cfset session.userID = trim(URL.userID)>
    </cfif>
</cffunction>

loginRequired.cfm

<h3>You must log in.</h3>

<a href="">Link to .NET application login page</a>

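The onRequestStart approach in the answer accepts URL.userID as given, and a URL parameter can be edited by anyone who has the link, so the hand-off is only as trustworthy as that parameter. The following is an added example, not code from the thread or from either application: the same onRequestStart flow, but the user ID is accepted only when the link carries an expiry and an HMAC signature that ColdFusion verifies. It assumes the .NET app appends `expires` (Unix seconds) and `sig` (hex HMAC-SHA256 of `userID|expires`) to the link, that the shared secret is in `application.linkKey` (a hypothetical name), and that ColdFusion rather than J2EE session management is in use.

```cfml
<!--- Added example, not the thread's code. Assumptions: the .NET app appends
      expires (Unix seconds) and sig = hex HMAC-SHA256 of "userID|expires";
      application.linkKey holds the shared secret (hypothetical name, set in
      onApplicationStart); ColdFusion (not J2EE) session management is in use. --->
<cffunction name="onRequestStart" returnType="boolean">
    <cfargument name="targetPage" type="string" required="true">
    <cfset var linkOK = false>
    <cfset var expected = "">
    <cfset var key = "">
    <cfset var nowSec = int(createObject("java", "java.lang.System").currentTimeMillis() / 1000)>
    <cfset var md = createObject("java", "java.security.MessageDigest")>

    <!--- Accept the link only if all three parameters are present, well formed and unexpired --->
    <cfif structKeyExists(URL, "userID") AND structKeyExists(URL, "expires")
          AND structKeyExists(URL, "sig") AND isValid("integer", URL.expires)
          AND reFind("^[0-9A-Fa-f]{64}$", URL.sig) AND URL.expires GTE nowSec>
        <cfset expected = hmac(trim(URL.userID) & "|" & URL.expires, application.linkKey, "HMACSHA256", "utf-8")>
        <!--- MessageDigest.isEqual compares the two byte arrays in constant time --->
        <cfset linkOK = md.isEqual(binaryDecode(expected, "hex"), binaryDecode(URL.sig, "hex"))>
    </cfif>

    <cfif linkOK>
        <cflock scope="session" type="exclusive" timeout="5">
            <cfif structKeyExists(session, "userID") AND session.userID NEQ trim(URL.userID)>
                <!--- Different user on the same browser: drop the previous user's data --->
                <cfloop list="#structKeyList(session)#" index="key">
                    <cfif NOT listFindNoCase("cfid,cftoken,sessionid,urltoken", key)>
                        <cfset structDelete(session, key)>
                    </cfif>
                </cfloop>
            </cfif>
            <cfset session.userID = trim(URL.userID)>
        </cflock>
        <!--- Issue a new session identifier for the newly established identity --->
        <cfset sessionRotate()>
    <cfelseif NOT structKeyExists(session, "userID")>
        <!--- No valid signed link and no existing session --->
        <cfinclude template="loginRequired.cfm">
        <cfabort>
    </cfif>
    <cfreturn true>
</cffunction>
```

A request that carries an unsigned or expired userID while a session already exists continues under the existing session.userID; the URL value is ignored rather than applied.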