CFLOCK malfunction. Sessions being shared between Firefox and IE
Hi, I have a member_admin area on my site derived from a tutorial I purchased and altered for use with my DB. This is where members can edit their content such as member profile, service area and logo. The way it works is the member logs into the directory "admin_member" with it's own Application.cfm where, upon login, their memberID becomes session.admin which is passed between the pages in this dir. For developmental purposes I put a cfdump on the index.cfm so that the usernames and passwords from dbo.members (which is still full of test data) would print on the screen so that I could choose which set I want to login with. As it turns out, the only thing that printed was the last row of the table so I kept using those credentials. All of this was done in my default browser, FireFox. All of the sudden they stopped working but all other credentials worked fine. Then I remembered that I also had an IE browser going with those "default" credentials, good! But, when I refreshed one browser it would come up with the credentials of the other and vice versa. This tells me that my cflock is not working right.
You can try it yourself using joe@electriciansnet.com and joe for the password. Here is the Application.cfm:
<cfapplication
name = "EnetAdmin"
applicationtimeout = "#CreateTimeSpan(0,0,30,0)
clientmanagement = "yes"
sessionmanagement = "yes"
sessiontimeout="#CreateTim
setclientcookies = "no"
>
<cfset enet="enetdb1sql">
<!--- <cfparam name="form.username" default="">
<cfparam name="form.password" default="">--->
<cflock scope="session" throwontimeout="yes" timeout="30" type="exclusive">
<cfquery name="session.loginMember"
SELECT members.memberID, members.contact_Email, members.PassWord
FROM dbo.members
<!--- WHERE members.contact_Email = '#form.username#'
AND members.PassWord = '#form.password#'--->
</cfquery>
</cflock>
<cfloop query="session.loginMember
<cfset username="#session.loginMe
<cfset password="#session.loginMe
<cfif not isdefined ("session.Admin") and Isdefined ("form.UserName") and form.UserName EQ "#username#" and IsDefined ("form.Password") and form.Password EQ "#password#">
<cflock scope="session" throwontimeout="yes" timeout="10" type="exclusive">
<cfset Session.Admin = #session.loginMember.membe
</cflock>
</cfif>
</cfloop>
<cfparam name="session.serverfile" default="">
<cfif not IsDefined ("Session.Admin")>
<!---<cfdump var="#username#"><br />
<cfdump var="#password#">--->
<cfinclude template="includes/login.c
<cfabort>
</cfif>
You can try it yourself using joe@electriciansnet.com and joe for the password. Here is the Application.cfm:
<cfapplication
name = "EnetAdmin"
applicationtimeout = "#CreateTimeSpan(0,0,30,0)
clientmanagement = "yes"
sessionmanagement = "yes"
sessiontimeout="#CreateTim
setclientcookies = "no"
>
<cfset enet="enetdb1sql">
<!--- <cfparam name="form.username" default="">
<cfparam name="form.password" default="">--->
<cflock scope="session" throwontimeout="yes" timeout="30" type="exclusive">
<cfquery name="session.loginMember"
SELECT members.memberID, members.contact_Email, members.PassWord
FROM dbo.members
<!--- WHERE members.contact_Email = '#form.username#'
AND members.PassWord = '#form.password#'--->
</cfquery>
</cflock>
<cfloop query="session.loginMember
<cfset username="#session.loginMe
<cfset password="#session.loginMe
<cfif not isdefined ("session.Admin") and Isdefined ("form.UserName") and form.UserName EQ "#username#" and IsDefined ("form.Password") and form.Password EQ "#password#">
<cflock scope="session" throwontimeout="yes" timeout="10" type="exclusive">
<cfset Session.Admin = #session.loginMember.membe
</cflock>
</cfif>
</cfloop>
<cfparam name="session.serverfile" default="">
<cfif not IsDefined ("Session.Admin")>
<!---<cfdump var="#username#"><br />
<cfdump var="#password#">--->
<cfinclude template="includes/login.c
<cfabort>
</cfif>
> supposed doing.
supposed to be doing.
supposed to be doing.
ASKER
None taken- how do I fix it?
The whole design was ripped off a tutorial on the net. It was titled something like "Simple CF Admin Area within a single directory". I just added the query. The login works perfectly but I asked for help so I'm willing to take it.
No offense but I think you're really messing yourself up by
- putting the query in the session scope
Every page in the admin_member directory uses the WHERE = #session.admin# and as far as I know that is the only session scope I'm relying on from within the admin area.
Basically what I'm looking for is a place that the member can pull their data and only theirs for editing and no one else's. The area is of course, off the main area and has never been used by anyone but me since the site has not been promoted yet. Please, tell me exactly what to change.
The whole design was ripped off a tutorial on the net. It was titled something like "Simple CF Admin Area within a single directory". I just added the query. The login works perfectly but I asked for help so I'm willing to take it.
No offense but I think you're really messing yourself up by
- putting the query in the session scope
Every page in the admin_member directory uses the WHERE = #session.admin# and as far as I know that is the only session scope I'm relying on from within the admin area.
Basically what I'm looking for is a place that the member can pull their data and only theirs for editing and no one else's. The area is of course, off the main area and has never been used by anyone but me since the site has not been promoted yet. Please, tell me exactly what to change.
Okay. It may have been an old tutorial. In older versions of CF you had to use cflock on session variables or bad things would happen. Then MX came along and it wasn't needed anymore (except for race conditions, which are not a factor here).
What version of CF are you using 6, 7 or 8?
What version of CF are you using 6, 7 or 8?
ASKER
7.2
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It seems to work good. Thanks You! I just had to go through and change #enet# to #request.dsn# and I know I should probably do the same for the main site because I know its considered "Good Coding Practices". Also, when making that change I found this query on index.cfm and login.cfm:
<cfset form.compName = ""><a href="grid2.cfm">Admin Grid Form</a>
<cfset form.memID = "">
<cfdump var="#session.admin#">--->
<!---<cfset admin = session.admin>
<cfquery name="getMemberData" datasource="#request.dsn#"
SELECT members.memberID, members.companyName, members.streetNumber, members.City, members.State, members.Contact_First, members.Contact_Last, members.Contact_title, members.Contact_Phone, members.Contact_Email, members.PassWord, members.Contact_URL, members.License, members.CellNumber, members.Slogan, members.member_Since, networkID.networkID, networkID.networkMethod
FROM members
INNER JOIN networkID ON members.networkID = networkID.networkID
WHERE members.memberID = #admin#
</cfquery>
I should have known better and have no idea why I put it there but I bet it helped screw everything up.
Thanks again, Andy
<cfset form.compName = ""><a href="grid2.cfm">Admin Grid Form</a>
<cfset form.memID = "">
<cfdump var="#session.admin#">--->
<!---<cfset admin = session.admin>
<cfquery name="getMemberData" datasource="#request.dsn#"
SELECT members.memberID, members.companyName, members.streetNumber, members.City, members.State, members.Contact_First, members.Contact_Last, members.Contact_title, members.Contact_Phone, members.Contact_Email, members.PassWord, members.Contact_URL, members.License, members.CellNumber, members.Slogan, members.member_Since, networkID.networkID, networkID.networkMethod
FROM members
INNER JOIN networkID ON members.networkID = networkID.networkID
WHERE members.memberID = #admin#
</cfquery>
I should have known better and have no idea why I put it there but I bet it helped screw everything up.
Thanks again, Andy
Glad to help.
ASKER
Thanks again but I do have one last question: My error logs are piling up from not having the proper switches in place. Is there an ultra generic cfif tag that will prevent a page frome being processed unless it is called? <cfif isDefined("form.submit")> ?? But what about the pages that run code that are not form action pages?
You shouldn't be getting errors. What is the error message in your log files?
> Is there an ultra generic cfif tag that will prevent a page frome being processed unless it is called?
> <cfif isDefined("form.submit")> ??
I'm not sure what you mean.
> Is there an ultra generic cfif tag that will prevent a page frome being processed unless it is called?
> <cfif isDefined("form.submit")> ??
I'm not sure what you mean.
ASKER
I won't trouble you with any more Qs. I was just saying that my error logs are showing that action pages and the pages that feed loadVars for the movie on contact.cfm and my monthly mailer page are trying to process without being called. i.e. page processes with #form.name# but the page has not been submitted by anyone so #form.name# throws error. I had no idea that would happen but I got those switches(cfif) in place.
However, I'm still getting errors from 30daysmail.cfm and cft3.cfm(movie script page) so I was looking for a cfif tag like: <cfif not cfschedule> and <cfif not called by SwishMax loadVars> etc... This may be worthy of it's own question. Thanks again, Andy
However, I'm still getting errors from 30daysmail.cfm and cft3.cfm(movie script page) so I was looking for a cfif tag like: <cfif not cfschedule> and <cfif not called by SwishMax loadVars> etc... This may be worthy of it's own question. Thanks again, Andy
Oh, I see what you're saying.
There are a few ways to do it, but since the problem seems to involve different pages/code than what is posted above, I think its worthy of its own question.
There are a few ways to do it, but since the problem seems to involve different pages/code than what is posted above, I think its worthy of its own question.
Also, a new question is more likely to draw responses from other experts than a closed question.
ASKER
Okay agx, thats what I'll do but first I'm going to post a question called "Converting Application.cfm to Application.cfc" where I will post my main Application.cfm. I have tried it twice with LiveDocs and one other example but I got errors, errors, errors. And since you did the admin area's cfc with such ease I thought you may want the points. If not, thats ok too. Thanks again, Andy
No offense but I think you're really messing yourself up by
- putting the query in the session scope
- removing the WHERE clause
- looping through every record in the table
- while mixing local and session variables
... and based on the code above, I'm not at all surprised you're getting strange results.
Unless you're using an old version of CF, you don't need locking. In MX locking is only required to prevent race conditions and, in most cases, you don't want to use it around a cfquery. Also, unless you have a specific reason for doing so, try not to put queries in the session scope. If you're not reusing the query elsewhere putting it in the session scope serves no purpose.