Solved

Session Variable problem

Posted on 2000-03-15
8
155 Views
Last Modified: 2013-12-24
i have an appln wherein many session vars are used and the most imp one is Loginname.

For any db operation i.e add/update/delete i log the user who did it using the <session.loginname>.

The problem is when we open two browsers simultaneously and logon as different users and do certain db operations the logging occurs with incorrect loginnames.i.e loginnames are interchanged for both users that too randomly.

Any help would be appreciated.
0
Comment
Question by:nettboyz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 2622061
Two browsers: meaning two IE windows or 1 IE and 1 NN?

If its the same browser, I can see how you run into a problem.
What you should do is check if Session.loginname exists... and if does
then don't let the person login again... they must logout first... session.loginname is set to null and then log in.

CJ
0
 
LVL 37

Expert Comment

by:meverest
ID: 2622193
in fact i would extend on what cheekyci suggests and recommend that you drop all session variables completely using StructClear(session)

cheers.

0
 
LVL 1

Expert Comment

by:bigbadb
ID: 2623389
You may want to try client var instead of session var.  There is really no way around session var failing when using multiple browsers.  (we have had this problem here)  Using client var usually take care of the problem because they are stored differently on the server (registry or DB table, not memory like app and session)

Hope this helps

Bryan
0
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

 
LVL 3

Expert Comment

by:dapperry
ID: 2624960
Why don't you just log the CFID and CFTOKEN as well.  The you can differentiate.

:) dapperry
0
 
LVL 4

Expert Comment

by:FRehman
ID: 2635044
use cflock tag
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 49 total points
ID: 2683506
I have some info:

It seems that the problem you described is caused by ColdFusion's multi-threaded server. If different browsers request pages that read from or write to the same APPLICATION, SESSION, or CLIENT variable, the threading can cause a variable to be set or reset unintentionally. To fix this common error, every time a session variable is either read or set, it should be surrounded with <CFLOCK> tags. These tags will prevent different threads from accessing the same variables simultaneously. Here is an example of how to use the <CFLOCK> tag to read a session variable called sessionID: <CFLOCK NAME="#session.sessionID#" TYPE="readonly" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET variables.sessionID=session.sessionID> </CFLOCK> By locking the variable and storing its value to a local variable, you can then use the local variable as often as you need later in the page without having to worry about problems with multi-threading. Similarly, to lock session variable when setting its value, you can use code similar to the following: <CFLOCK NAME="#session.sessionID#" TYPE="exclusive" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET session.sessionID=myQuery.sessionID> </CFLOCK> Please note that the TIMEOUT attribute of the <CFLOCK> tag is the number of seconds before the server will stop trying to perform the operation between the <CFLOCK> tags. With the THROWONTIMEOUT attribute set to "yes", the ColdFusion Application Server will produce an exception after the operation has timed out. This exception should be handles by a <CFTRY>/<CFCATCH> block to prevent end users from seeing the message. Also note that the <CFLOCK> blocks can and should be used around APPLICATION and SERVER scope variables as well, if their values can be changed by any particular page of an application. ColdFusion Application Server addressed this problem in version 4.5 by adding options in ColdFusion Administrator. If you are using ColdFusion Application Server 4.5, under the "server" section there is link for "Locking." After clicking this link you will see a variety of options for Variable Locking. By checking the box that says "Single Threaded Sessions," multi-threading of session variables will be turned off. Alternatively, you can use the "Variable Scope Lock Settings" to turn on "Full checking" or "Automatic read locking." The "Full checking" setting will throw an error whenever code attempts to read from or write to a session (or server or application) variable without using <CFLOCK> blocks around it. As a result, the developer is forced to use <CFLOCK> blocks. The "Automatic read locking" setting will lock session (or server or application) variables whenever they are read, but will throw an exception if the variables are not locked when the code attempts to set their values.

CJ
0
 
LVL 4

Expert Comment

by:FRehman
ID: 2686212
I already tell to use cflock tag
0
 
LVL 1

Expert Comment

by:cfmrulez
ID: 2788899
Hi all,

My expertise has shown that in a environtmet like Internet with proxies and other similar stuff isn't a good idea the use of session, client, or any kind of this variables.

In order to garantize the process you must use URL based parameters. It increments the difficult, because you must develop a coding method that garantize the confidenciality of the users making codes difficult to predict but...

Also you must implement a validation method to prevent user to attack directly to a pages with thied IDs or making a testing attack to gain access.

Hope this helps,
cfmrulez!

(I think I've made myself a whirpool :-P).
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
What You Need to Know when Searching for a Webhost Provider
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question