CFLOCK malfunction. Sessions being shared between Firefox and IE
Posted on 2007-10-02
Hi, I have a member_admin area on my site derived from a tutorial I purchased and altered for use with my DB. This is where members can edit their content such as member profile, service area and logo. The way it works is the member logs into the directory "admin_member" with its own Application.cfm where, upon login, their memberID becomes session.admin, which is passed between the pages in this dir. For developmental purposes I put a cfdump on the index.cfm so that the usernames and passwords from dbo.members (which is still full of test data) would print on the screen so that I could choose which set I want to log in with. As it turns out, the only thing that printed was the last row of the table, so I kept using those credentials. All of this was done in my default browser, Firefox. All of a sudden they stopped working, but all other credentials worked fine. Then I remembered that I also had an IE browser going with those "default" credentials, good! But when I refreshed one browser, it would come up with the credentials of the other and vice versa. This tells me that my cflock is not working right.
You can try it yourself using email@example.com and joe for the password. Here is the Application.cfm:
name = "EnetAdmin"
applicationtimeout = "#CreateTimeSpan(0,0,30,0)#"
clientmanagement = "yes"
sessionmanagement = "yes"
setclientcookies = "no"
<!--- <cfparam name="form.username" default="">
<cfparam name="form.password" default="">--->
<cflock scope="session" throwontimeout="yes" timeout="30" type="exclusive">
<cfquery name="session.loginMember" datasource="#enet#">
SELECT members.memberID, members.contact_Email, members.PassWord
<!--- WHERE members.contact_Email = '#form.username#'
AND members.PassWord = '#form.password#'--->
<cfif not isdefined ("session.Admin") and Isdefined ("form.UserName") and form.UserName EQ "#username#" and IsDefined ("form.Password") and form.Password EQ "#password#">
<cflock scope="session" throwontimeout="yes" timeout="10" type="exclusive">
<cfset Session.Admin = #session.loginMember.memberID#>
<cfparam name="session.serverfile" default="">
<cfif not IsDefined ("Session.Admin")>
<!---<cfdump var="#username#"><br />