Solved

Session Variable problem

Posted on 2000-03-15
8
149 Views
Last Modified: 2013-12-24
i have an appln wherein many session vars are used and the most imp one is Loginname.

For any db operation i.e add/update/delete i log the user who did it using the <session.loginname>.

The problem is when we open two browsers simultaneously and logon as different users and do certain db operations the logging occurs with incorrect loginnames.i.e loginnames are interchanged for both users that too randomly.

Any help would be appreciated.
0
Comment
Question by:nettboyz
8 Comments
 
LVL 19

Expert Comment

by:cheekycj
Comment Utility
Two browsers: meaning two IE windows or 1 IE and 1 NN?

If its the same browser, I can see how you run into a problem.
What you should do is check if Session.loginname exists... and if does
then don't let the person login again... they must logout first... session.loginname is set to null and then log in.

CJ
0
 
LVL 37

Expert Comment

by:meverest
Comment Utility
in fact i would extend on what cheekyci suggests and recommend that you drop all session variables completely using StructClear(session)

cheers.

0
 
LVL 1

Expert Comment

by:bigbadb
Comment Utility
You may want to try client var instead of session var.  There is really no way around session var failing when using multiple browsers.  (we have had this problem here)  Using client var usually take care of the problem because they are stored differently on the server (registry or DB table, not memory like app and session)

Hope this helps

Bryan
0
 
LVL 3

Expert Comment

by:dapperry
Comment Utility
Why don't you just log the CFID and CFTOKEN as well.  The you can differentiate.

:) dapperry
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 4

Expert Comment

by:FRehman
Comment Utility
use cflock tag
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 49 total points
Comment Utility
I have some info:

It seems that the problem you described is caused by ColdFusion's multi-threaded server. If different browsers request pages that read from or write to the same APPLICATION, SESSION, or CLIENT variable, the threading can cause a variable to be set or reset unintentionally. To fix this common error, every time a session variable is either read or set, it should be surrounded with <CFLOCK> tags. These tags will prevent different threads from accessing the same variables simultaneously. Here is an example of how to use the <CFLOCK> tag to read a session variable called sessionID: <CFLOCK NAME="#session.sessionID#" TYPE="readonly" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET variables.sessionID=session.sessionID> </CFLOCK> By locking the variable and storing its value to a local variable, you can then use the local variable as often as you need later in the page without having to worry about problems with multi-threading. Similarly, to lock session variable when setting its value, you can use code similar to the following: <CFLOCK NAME="#session.sessionID#" TYPE="exclusive" TIMEOUT="10" THROWONTIMEOUT="yes"> <CFSET session.sessionID=myQuery.sessionID> </CFLOCK> Please note that the TIMEOUT attribute of the <CFLOCK> tag is the number of seconds before the server will stop trying to perform the operation between the <CFLOCK> tags. With the THROWONTIMEOUT attribute set to "yes", the ColdFusion Application Server will produce an exception after the operation has timed out. This exception should be handles by a <CFTRY>/<CFCATCH> block to prevent end users from seeing the message. Also note that the <CFLOCK> blocks can and should be used around APPLICATION and SERVER scope variables as well, if their values can be changed by any particular page of an application. ColdFusion Application Server addressed this problem in version 4.5 by adding options in ColdFusion Administrator. If you are using ColdFusion Application Server 4.5, under the "server" section there is link for "Locking." After clicking this link you will see a variety of options for Variable Locking. By checking the box that says "Single Threaded Sessions," multi-threading of session variables will be turned off. Alternatively, you can use the "Variable Scope Lock Settings" to turn on "Full checking" or "Automatic read locking." The "Full checking" setting will throw an error whenever code attempts to read from or write to a session (or server or application) variable without using <CFLOCK> blocks around it. As a result, the developer is forced to use <CFLOCK> blocks. The "Automatic read locking" setting will lock session (or server or application) variables whenever they are read, but will throw an exception if the variables are not locked when the code attempts to set their values.

CJ
0
 
LVL 4

Expert Comment

by:FRehman
Comment Utility
I already tell to use cflock tag
0
 
LVL 1

Expert Comment

by:cfmrulez
Comment Utility
Hi all,

My expertise has shown that in a environtmet like Internet with proxies and other similar stuff isn't a good idea the use of session, client, or any kind of this variables.

In order to garantize the process you must use URL based parameters. It increments the difficult, because you must develop a coding method that garantize the confidenciality of the users making codes difficult to predict but...

Also you must implement a validation method to prevent user to attack directly to a pages with thied IDs or making a testing attack to gain access.

Hope this helps,
cfmrulez!

(I think I've made myself a whirpool :-P).
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
This video discusses moving either the default database or any database to a new volume.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now