Solved

Session Variable problem

Posted on 2000-03-15
Last Modified: 2013-12-24
I have an application wherein many session vars are used, and the most important one is Loginname.

For any db operation, i.e. add/update/delete, I log the user who did it using the <session.loginname>.

The problem is that when we open two browsers simultaneously, log on as different users and do certain db operations, the logging occurs with incorrect loginnames, i.e. the loginnames are interchanged for both users, and randomly at that.

Any help would be appreciated.
0
Comment
Question by:nettboyz
8 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 2622061
Two browsers: meaning two IE windows or 1 IE and 1 NN?

If it's the same browser, I can see how you run into a problem.
What you should do is check if Session.loginname exists... and if it does,
then don't let the person log in again... they must log out first... session.loginname is set to null and then log in.

CJ
0
 
LVL 37

Expert Comment

by:meverest
ID: 2622193
In fact I would extend on what cheekycj suggests and recommend that you drop all session variables completely using StructClear(session).

cheers.

0
 
LVL 1

Expert Comment

by:bigbadb
ID: 2623389
You may want to try client vars instead of session vars.  There is really no way around session vars failing when using multiple browsers.  (We have had this problem here.)  Using client vars usually takes care of the problem because they are stored differently on the server (registry or DB table, not memory like app and session).

Hope this helps

Bryan
0
 
LVL 3

Expert Comment

by:dapperry
ID: 2624960
Why don't you just log the CFID and CFTOKEN as well?  Then you can differentiate.

:) dapperry
0
 
LVL 4

Expert Comment

by:FRehman
ID: 2635044
use cflock tag
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 49 total points
ID: 2683506
I have some info:

It seems that the problem you described is caused by ColdFusion's multi-threaded server. If different browsers request pages that read from or write to the same APPLICATION, SESSION, or CLIENT variable, the threading can cause a variable to be set or reset unintentionally. To fix this common error, every time a session variable is either read or set, it should be surrounded with <CFLOCK> tags. These tags will prevent different threads from accessing the same variables simultaneously.

Here is an example of how to use the <CFLOCK> tag to read a session variable called sessionID:

    <CFLOCK NAME="#session.sessionID#" TYPE="readonly" TIMEOUT="10" THROWONTIMEOUT="yes">
        <CFSET variables.sessionID=session.sessionID>
    </CFLOCK>

By locking the variable and storing its value to a local variable, you can then use the local variable as often as you need later in the page without having to worry about problems with multi-threading.

Similarly, to lock a session variable when setting its value, you can use code similar to the following:

    <CFLOCK NAME="#session.sessionID#" TYPE="exclusive" TIMEOUT="10" THROWONTIMEOUT="yes">
        <CFSET session.sessionID=myQuery.sessionID>
    </CFLOCK>

Please note that the TIMEOUT attribute of the <CFLOCK> tag is the number of seconds before the server will stop trying to perform the operation between the <CFLOCK> tags. With the THROWONTIMEOUT attribute set to "yes", the ColdFusion Application Server will produce an exception after the operation has timed out. This exception should be handled by a <CFTRY>/<CFCATCH> block to prevent end users from seeing the message. Also note that the <CFLOCK> blocks can and should be used around APPLICATION and SERVER scope variables as well, if their values can be changed by any particular page of an application.

ColdFusion Application Server addressed this problem in version 4.5 by adding options in ColdFusion Administrator. If you are using ColdFusion Application Server 4.5, under the "server" section there is a link for "Locking." After clicking this link you will see a variety of options for Variable Locking. By checking the box that says "Single Threaded Sessions," multi-threading of session variables will be turned off. Alternatively, you can use the "Variable Scope Lock Settings" to turn on "Full checking" or "Automatic read locking." The "Full checking" setting will throw an error whenever code attempts to read from or write to a session (or server or application) variable without using <CFLOCK> blocks around it. As a result, the developer is forced to use <CFLOCK> blocks. The "Automatic read locking" setting will lock session (or server or application) variables whenever they are read, but will throw an exception if the variables are not locked when the code attempts to set their values.

CJ
0
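The locking, <CFTRY>/<CFCATCH> handling and audit logging discussed in this thread, combined into one page fragment. This is an added example, not code from any of the posters: the datasource appDSN, the audit_log table and its columns, and login.cfm are hypothetical names, and the SCOPE attribute of <CFLOCK> assumes ColdFusion 4.5 or later.

```cfml
<!--- Added example. Assumptions: datasource "appDSN", table "audit_log" and
      page "login.cfm" are hypothetical; SCOPE needs ColdFusion 4.5 or later. --->
<cfset variables.loginName = "">
<cfset variables.cfid = "">

<cftry>
    <!--- Copy everything needed out of the session scope under ONE read lock,
          so the name and the client id are taken from the same consistent state. --->
    <cflock scope="Session" type="ReadOnly" timeout="10" throwontimeout="Yes">
        <cfif IsDefined("session.loginname")>
            <cfset variables.loginName = session.loginname>
        </cfif>
        <cfset variables.cfid = session.cfid>
    </cflock>

    <cfcatch type="Lock">
        <!--- Lock timed out: fail closed instead of logging under an unknown name,
              and show a generic message rather than the server exception. --->
        <cfabort showerror="The request could not be completed. Please try again.">
    </cfcatch>
</cftry>

<cfif NOT Len(variables.loginName)>
    <!--- No authenticated user in this session: do not run or log the operation. --->
    <cflocation url="login.cfm" addtoken="No">
</cfif>

<!--- From here on use only the local copies, never session.* directly.
      CFID is recorded so that two logins can be told apart in the log;
      CFTOKEN is the secret half of the pair, so it is not written to the table. --->
<cfquery name="writeAudit" datasource="appDSN">
    INSERT INTO audit_log (login_name, cfid, action, logged_at)
    VALUES (
        <cfqueryparam value="#variables.loginName#" cfsqltype="CF_SQL_VARCHAR">,
        <cfqueryparam value="#variables.cfid#" cfsqltype="CF_SQL_VARCHAR">,
        <cfqueryparam value="update" cfsqltype="CF_SQL_VARCHAR">,
        <cfqueryparam value="#Now()#" cfsqltype="CF_SQL_TIMESTAMP">
    )
</cfquery>
```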
 
LVL 4

Expert Comment

by:FRehman
ID: 2686212
I already said to use the cflock tag.
0
 
LVL 1

Expert Comment

by:cfmrulez
ID: 2788899
Hi all,

My expertise has shown that in an environment like the Internet, with proxies and other similar stuff, it isn't a good idea to use session, client, or any variables of this kind.

In order to guarantee the process you must use URL-based parameters. It increases the difficulty, because you must develop a coding method that guarantees the confidentiality of the users, making codes difficult to predict, but...

Also you must implement a validation method to prevent users from attacking pages directly with thied IDs or making a testing attack to gain access.

Hope this helps,
cfmrulez!

(I think I've made myself a whirlpool :-P).
0
