Solved

ColdFusion Error: Session.SessionID Not Defined?

Posted on 2009-04-06
10
1,386 Views
Last Modified: 2013-12-24
I'm getting errors "Element SESSIONID is undefined in SESSION."

How is this possible? I was under the impression that a Session.SessionID is ALWAYS defined on each request?
0
Comment
Question by:davidsanderson
  • 5
  • 4
10 Comments
 
LVL 39

Expert Comment

by:gdemaria
ID: 24078017
you have session management turned on in your cfapplication tag?

If you're using application.cfc (instead of .cfm)  are you doing this command in onApplicationStart or onApplicationEnd  or onSessionEnd ?   Session variables are not available directly in these functions
0
 

Author Comment

by:davidsanderson
ID: 24078091
Yes I have session management turned on.

I'm using application.cfc. I'm not calling session.sessionid in this file at all. It does get called outside of this file though.
0
 
LVL 19

Expert Comment

by:erikTsomik
ID: 24078112
is there something in your code that clears session variables
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 39

Expert Comment

by:gdemaria
ID: 24078115
do you have clear the session structure (perhaps for logout?)

I would start by placing a test at the start of onRequestStart to see if the session.sessionID is defined there (before the bulk of your code is executed)

What version of Coldfusion are you using?   I think session.sessionID started with MX ?
0
 

Author Comment

by:davidsanderson
ID: 24078425
Yes, when the login times out, it calls a function that clears the session variables, but then it redirects them (cflocation) back to the login page. This would be another request, correct? So a new sessionid would be defined?

I'm using CF 8.

By the way, I can't reproduce this error, several users are getting this error though.
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 24078512
I have never felt comfortable clearing all session variables because some are used by the system and we can't predict when they are re-created or used.

Coldfusion places cookies to maintain the session, they don't use the session variables directly for session management, they are more like an FYI for us developers.   I am referring to CFID, CFTOKEN and sessionID.    I suspect if you were to kill the cookies, the session may be recreated, but I can't say that clearing out the session variables only would cause them to be recreated (because the cookies still exist).

I have always just cleared the variables that I use.   To make this easier, I add a structure within session to manage this...   session.login.userID  and then just delete the login structure and leave the rest of the session alone..
0
 

Author Comment

by:davidsanderson
ID: 24079976
I can't really recode the whole app to use a different session variable structure. This app is HUGE.

I could just do away with the StructClear(Session) statement but I don't want any old session data hanging around if the user logs out.

Any other suggestions?
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 125 total points
ID: 24080081
ok, didn't know if you were starting out or what.

You can loop over the session structure and avoid those key variables ...


<cfloop item="kk" collection="#session#">
  <cfif listFindNoCase("cfid,cftoken,sessionID",kk) eq 0>
    <cfset "session.#kk#" = "">
  </cfif>
</cfloop>

Open in new window

0
 

Author Comment

by:davidsanderson
ID: 24080308
That looks good. Should I also include urltoken since that's another built-in variable?
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 24080361
sure, makes sense...

And if there are any that you are maintaining that you don't want to lose, perhaps the session start date/time or something..
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hi, Even though I have created this Tutorial on My personal Blog, Some people might not able to find my website, So here i am posting it again Today, from the topic it is very clear that i will be showing you here the very basic usage of how we …
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question