Solved

Losing Coldfusion Sessions

Posted on 2011-03-07
10
717 Views
Last Modified: 2012-05-11
Dear All

Over the last few months we have been having issues with our web apps which run on coldfusion.  For some reason the sessions are being lost.  At first we thought it was to do with an update to IE or even using windows 7 but this was soon to be wrong as someone that was having problems logged onto a PC of a user who wasnt having the same problem and still had the error, even though the other user could still use the web app after logging back on after.

We have never had any problems before and nothing has changed in the code as we have moved on to developing our web apps in asp.net for 5 years.

The message we get is


Error resolving parameter SESSION.MANAGER

The session variable MANAGER does not exist. The cause of this error is very likely one of the following things:


The name of the session variable has been misspelled.
The session variable has not yet been created.
The session variable has timed out.

Open in new window



Any ideas?
0
Comment
Question by:GarethABC
10 Comments
 
LVL 19

Expert Comment

by:erikTsomik
ID: 35057256
make sure you do not delete session variable somewhere in the code
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 35057523
> that was having problems logged onto a PC of a user who wasnt having the same problem and still had the error, even though the other user could still use the web app after logging back on after

It sounds like it is specific to particular users?   User-A has no problem, but user-B has problems on the same computer, is that right?

Does the error happen after a certain period of time or immediately after login or.. ?

Are there any particular actions or pages that it happens on, or does it happen anywhere in the app?

Are you able to reproduce intentionally or is it fairly random?

Thanks,


0
 
LVL 1

Expert Comment

by:tampatechtiger
ID: 35078711
We had the same issue...we have thousands of users and after, literally, hundreds of hours of testing and monitoring the only thing we could come up with was that something about the individual user platform/network/ISP/etc. was causing a failure of the user's browser-client to associate with the session on the server.  I know...not a very conclusive or exciting answer...but for the solution we used two approaches that worked (nearly) flawlessly.

1. For sites that we had "upgraded" to the new application.cfc (from application.cfm) architecture, we just put in a little piece of code in the "onrequest" method that said "If session.[somevariable] is undefined...kick the user back to the login page.

2. For sites that we had not "upgraded" we just created a little file called "sessioncheck.cfm" that did the same "isdefined" check on the pertinent session variables...and did the same thing.

If your site is not user-authenticated..;you could do a similar thing by just triggering the session variable clear/reload process instead of sending them to the "login" page.

I wish I had a more clear-cut answer for you regarding the root-cause of your issue, but the approach I've noted is effective...albeit a bit unsavory.
0
 

Author Comment

by:GarethABC
ID: 35108706
Thanks for all the answers so far

as for deleting sessions, we are not deleting sessions, the apps are old coldfusion apps that have not changed for years and have been working up until the end of last year, so why the sudden change for the sessions to be lost?

It doesnt make sense how one user can logon to the PC and use the Web apps no problems without losing session but another user can logon the same PC and have problems losing the sessions??

All we can think of is that it is something to do with the AD accounts??

We have no intention to upgrade our Coldfusion server etc... and eventually these apps will be re developed into asp.net

0
 

Expert Comment

by:hevsys
ID: 35333621
Hi, Try going into the administrator and setting the sessions to J2EE
Capture.JPG
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:GarethABC
ID: 35440390
Hi ya,  tried looking at that but we have coldfusion 5 :-(


coldfusion.jpg
0
 

Author Comment

by:GarethABC
ID: 36056412
More investigation and it seems that a user can only be a member of so many AD groups.  If a user is in too many ADgroups for permissions, we get the error message, otherwise all works ok.

ANy ideas?????
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 36056656

Assuming that an "AD Group" is some type of role that you have associated with users, it sounds like it would be in the code.   That would explain why it only happens sometimes and not to all users, only the users that are getting assigned many roles would have this problem.

Are you able to find and post some code that may be relevant to this area?
0
 

Accepted Solution

by:
GarethABC earned 0 total points
ID: 36165237
Hi ya

Sadly i dissagree as if it was the code, why would it suddenly stop working after all this time when we have not made any changes to the code for over 2 years as we are now using .net??

After more researching, the groups theory is not a viable one as we have someone in only 15 or less groups and we still get the session error.  At first we thought it was windows 7 but sadly this is happening to users with XP

ggggrrrrr
0
 

Author Closing Comment

by:GarethABC
ID: 37271825
never did solve this
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
Hi. There are several upload tutorials using jquery and coldfusion. I found a very interesting one here Upload Your Files using Jquery & ColdFusion and Preview them (http://www.randhawaworld.com/) . I did keep the main js functions but made sever…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now