Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Session Variable problem

Posted on 2000-03-15
8
Medium Priority
?
156 Views
Last Modified: 2013-12-24
i have an appln wherein many session vars are used and the most imp one is Loginname.

For any db operation i.e add/update/delete i log the user who did it using the <session.loginname>.

The problem is when we open two browsers simultaneously and logon as different users and do certain db operations the logging occurs with incorrect loginnames.i.e loginnames are interchanged for both users that too randomly.

Any help would be appreciated.
0
Comment
Question by:nettboyz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 2622061
Two browsers: meaning two IE windows or 1 IE and 1 NN?

If its the same browser, I can see how you run into a problem.
What you should do is check if Session.loginname exists... and if does
then don't let the person login again... they must logout first... session.loginname is set to null and then log in.

CJ
0
 
LVL 37

Expert Comment

by:meverest
ID: 2622193
in fact i would extend on what cheekyci suggests and recommend that you drop all session variables completely using StructClear(session)

cheers.

0
 
LVL 1

Expert Comment

by:bigbadb
ID: 2623389
You may want to try client var instead of session var.  There is really no way around session var failing when using multiple browsers.  (we have had this problem here)  Using client var usually take care of the problem because they are stored differently on the server (registry or DB table, not memory like app and session)

Hope this helps

Bryan
0
The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

 
LVL 3

Expert Comment

by:dapperry
ID: 2624960
Why don't you just log the CFID and CFTOKEN as well.  The you can differentiate.

:) dapperry
0
 
LVL 4

Expert Comment

by:FRehman
ID: 2635044
use cflock tag
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 147 total points
ID: 2683506
I have some info:

It seems that the problem you described is caused by ColdFusion's multi-threaded server. If different browsers request pages that read from or write to the same APPLICATION, SESSION, or CLIENT variable, the threading can cause a variable to be set or reset unintentionally. To fix this common error, every time a session variable is either read or set, it should be surrounded with <CFLOCK> tags. These tags will prevent different threads from accessing the same variables simultaneously. Here is an example of how to use the <CFLOCK> tag to read a session variable called sessionID: <CFLOCK NAME="#session.sessionID#" TYPE="readonly" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET variables.sessionID=session.sessionID> </CFLOCK> By locking the variable and storing its value to a local variable, you can then use the local variable as often as you need later in the page without having to worry about problems with multi-threading. Similarly, to lock session variable when setting its value, you can use code similar to the following: <CFLOCK NAME="#session.sessionID#" TYPE="exclusive" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET session.sessionID=myQuery.sessionID> </CFLOCK> Please note that the TIMEOUT attribute of the <CFLOCK> tag is the number of seconds before the server will stop trying to perform the operation between the <CFLOCK> tags. With the THROWONTIMEOUT attribute set to "yes", the ColdFusion Application Server will produce an exception after the operation has timed out. This exception should be handles by a <CFTRY>/<CFCATCH> block to prevent end users from seeing the message. Also note that the <CFLOCK> blocks can and should be used around APPLICATION and SERVER scope variables as well, if their values can be changed by any particular page of an application. ColdFusion Application Server addressed this problem in version 4.5 by adding options in ColdFusion Administrator. If you are using ColdFusion Application Server 4.5, under the "server" section there is link for "Locking." After clicking this link you will see a variety of options for Variable Locking. By checking the box that says "Single Threaded Sessions," multi-threading of session variables will be turned off. Alternatively, you can use the "Variable Scope Lock Settings" to turn on "Full checking" or "Automatic read locking." The "Full checking" setting will throw an error whenever code attempts to read from or write to a session (or server or application) variable without using <CFLOCK> blocks around it. As a result, the developer is forced to use <CFLOCK> blocks. The "Automatic read locking" setting will lock session (or server or application) variables whenever they are read, but will throw an exception if the variables are not locked when the code attempts to set their values.

CJ
0
 
LVL 4

Expert Comment

by:FRehman
ID: 2686212
I already tell to use cflock tag
0
 
LVL 1

Expert Comment

by:cfmrulez
ID: 2788899
Hi all,

My expertise has shown that in a environtmet like Internet with proxies and other similar stuff isn't a good idea the use of session, client, or any kind of this variables.

In order to garantize the process you must use URL based parameters. It increments the difficult, because you must develop a coding method that garantize the confidenciality of the users making codes difficult to predict but...

Also you must implement a validation method to prevent user to attack directly to a pages with thied IDs or making a testing attack to gain access.

Hope this helps,
cfmrulez!

(I think I've made myself a whirpool :-P).
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question