Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Session Variable problem

Posted on 2000-03-15
8
Medium Priority
?
157 Views
Last Modified: 2013-12-24
i have an appln wherein many session vars are used and the most imp one is Loginname.

For any db operation i.e add/update/delete i log the user who did it using the <session.loginname>.

The problem is when we open two browsers simultaneously and logon as different users and do certain db operations the logging occurs with incorrect loginnames.i.e loginnames are interchanged for both users that too randomly.

Any help would be appreciated.
0
Comment
Question by:nettboyz
8 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 2622061
Two browsers: meaning two IE windows or 1 IE and 1 NN?

If its the same browser, I can see how you run into a problem.
What you should do is check if Session.loginname exists... and if does
then don't let the person login again... they must logout first... session.loginname is set to null and then log in.

CJ
0
 
LVL 37

Expert Comment

by:meverest
ID: 2622193
in fact i would extend on what cheekyci suggests and recommend that you drop all session variables completely using StructClear(session)

cheers.

0
 
LVL 1

Expert Comment

by:bigbadb
ID: 2623389
You may want to try client var instead of session var.  There is really no way around session var failing when using multiple browsers.  (we have had this problem here)  Using client var usually take care of the problem because they are stored differently on the server (registry or DB table, not memory like app and session)

Hope this helps

Bryan
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 3

Expert Comment

by:dapperry
ID: 2624960
Why don't you just log the CFID and CFTOKEN as well.  The you can differentiate.

:) dapperry
0
 
LVL 4

Expert Comment

by:FRehman
ID: 2635044
use cflock tag
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 147 total points
ID: 2683506
I have some info:

It seems that the problem you described is caused by ColdFusion's multi-threaded server. If different browsers request pages that read from or write to the same APPLICATION, SESSION, or CLIENT variable, the threading can cause a variable to be set or reset unintentionally. To fix this common error, every time a session variable is either read or set, it should be surrounded with <CFLOCK> tags. These tags will prevent different threads from accessing the same variables simultaneously. Here is an example of how to use the <CFLOCK> tag to read a session variable called sessionID: <CFLOCK NAME="#session.sessionID#" TYPE="readonly" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET variables.sessionID=session.sessionID> </CFLOCK> By locking the variable and storing its value to a local variable, you can then use the local variable as often as you need later in the page without having to worry about problems with multi-threading. Similarly, to lock session variable when setting its value, you can use code similar to the following: <CFLOCK NAME="#session.sessionID#" TYPE="exclusive" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET session.sessionID=myQuery.sessionID> </CFLOCK> Please note that the TIMEOUT attribute of the <CFLOCK> tag is the number of seconds before the server will stop trying to perform the operation between the <CFLOCK> tags. With the THROWONTIMEOUT attribute set to "yes", the ColdFusion Application Server will produce an exception after the operation has timed out. This exception should be handles by a <CFTRY>/<CFCATCH> block to prevent end users from seeing the message. Also note that the <CFLOCK> blocks can and should be used around APPLICATION and SERVER scope variables as well, if their values can be changed by any particular page of an application. ColdFusion Application Server addressed this problem in version 4.5 by adding options in ColdFusion Administrator. If you are using ColdFusion Application Server 4.5, under the "server" section there is link for "Locking." After clicking this link you will see a variety of options for Variable Locking. By checking the box that says "Single Threaded Sessions," multi-threading of session variables will be turned off. Alternatively, you can use the "Variable Scope Lock Settings" to turn on "Full checking" or "Automatic read locking." The "Full checking" setting will throw an error whenever code attempts to read from or write to a session (or server or application) variable without using <CFLOCK> blocks around it. As a result, the developer is forced to use <CFLOCK> blocks. The "Automatic read locking" setting will lock session (or server or application) variables whenever they are read, but will throw an exception if the variables are not locked when the code attempts to set their values.

CJ
0
 
LVL 4

Expert Comment

by:FRehman
ID: 2686212
I already tell to use cflock tag
0
 
LVL 1

Expert Comment

by:cfmrulez
ID: 2788899
Hi all,

My expertise has shown that in a environtmet like Internet with proxies and other similar stuff isn't a good idea the use of session, client, or any kind of this variables.

In order to garantize the process you must use URL based parameters. It increments the difficult, because you must develop a coding method that garantize the confidenciality of the users making codes difficult to predict but...

Also you must implement a validation method to prevent user to attack directly to a pages with thied IDs or making a testing attack to gain access.

Hope this helps,
cfmrulez!

(I think I've made myself a whirpool :-P).
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question