Solved

My app keeps calling OnSessionStart

Posted on 2014-07-24
27
292 Views
Last Modified: 2014-07-27
I have a development environment using Coldfusion server. Everything was working fine until I wanted to try my code using Railo. I am not sure what I did but now when I am back using Coldfusion server I am finding that OnSessionStart is called each time I select something on my site and my session variables are not being saved. The only thing that I played with to try to get Railo to work was I changed a setting for the DefaultWebSite in my IIS manager but I believe I set that back to the original state.

Any clue what might be causing me to have problems with my session variables. I have checked that my sessionmanagement is on.

Thank you
0
Comment
Question by:WestCoast_BC
  • 11
  • 9
  • 6
  • +1
27 Comments
 

Author Comment

by:WestCoast_BC
ID: 40217965
Does anyone have anything to suggest? I really need to get my development environment working again
0
 
LVL 15

Expert Comment

by:myselfrandhawa
ID: 40218797
Can you show some of your application.cfc code for debug
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 40219385
how about the application definition showing session management turned on and timeout, how session variables are stored..
0
 

Author Comment

by:WestCoast_BC
ID: 40219615
I am thinking it has to be some setting that I changed in the setup because before I tried to get Railo running everything was working fine and I did not change any of the code. I did to a dump and it showed that session management is turned on and the timeout is 2 hours.  Also, when I use Railo it works fine using the same code.

Here is what I have in my Application.cfc
    <cfset THIS.ApplicationTimeout = CreateTimeSpan(0,4,0,0) />
    <cfset THIS.SESSIONTIMEOUT = CreateTimeSpan(0,2,0,0) />
    <cfset THIS.clientmanagement = true />
    <cfset THIS.SessionManagement = true />
    <cfset THIS.SetClientCookies = true />      
    <cfset THIS.Scriptprotect = 'none' />
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40221525
is onSessionStart being triggered by something?

for example it's common to say something like:
<cfif Not StructKeyExists(session,"UserID")>
     <cfset onSessionStart()>
</cfif>

search for instances of "onSessionStart" in your application to see if you can track down this issue

even though you didn't change any code this might lead you to where it is being called and then why.
this is assuming that code is calling the new sessions and not that the previous session has timed out.
0
 

Author Comment

by:WestCoast_BC
ID: 40221546
I have just searched all of my code and I am not calling onSessionStart anywhere.

The same code works on my live site and when I am using Railo
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40221551
You are using ColdFusion server on live site?
0
 

Author Comment

by:WestCoast_BC
ID: 40221562
Yes, I am using Coldfusion server on a live site.

My code had been working fine for a long time until I decided to try Railo. I thought I had documented all the things that I changed to try to get Railo working but I must be missing something.
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40221567
I hate to say this but the easy fix might be to re-install CF ...
Or uninstall Railo - or both ...
0
 

Author Comment

by:WestCoast_BC
ID: 40221569
If I am using Railo express then I shouldn't have to uninstall it - am I correct?

I will do some more sleuthing before I try re-installing CF.
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40221580
I can't answer that question.

It seems that I recall an issue years ago where sessions weren't sticking - don't recall the details ...

Anyway I fixed it by changing the Application name in Application.cfc. Then the next day I just changed it back again.
I don't know what was up other than simply a malfunction ???
You could try that plus you could check to make sure that you don't have duplicate CF Application names in different websites.
CF's rule is that you can't have duplicate Application names and only one site allowed with no name / per server.
And I see that you don't have a name attribute listed above - I would name it even if that isn't the problem.
<cfset This.NAME="surfgod">

good luck ...
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 40221734
Can you show your code in onSessionStart()?    Be aware that if there is an error inside of onSessionStart() then the session will not be created.   You may want to trap errors in there and send yourself an email if it fails.
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40221928
Actually the session starts (and is created) whether intended session vars are set or not.
That's why I asked about calling onSessionStart() based on whatever condition as I stated above.
<cfif Not StructKeyExists(session,"whatever")>
     <cfset onSessionStart()>
</cfif>

But as far as trapping and logging errors - yes - I agree ...
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:WestCoast_BC
ID: 40222750
I have an onError in my application.cfc that dumps a bunch of information if I have an error. Do I need to add something to my onSessionStart as well to trap errors?
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40222772
not necessarily ...
in the code that you call from onSessionStart do you have Try / Catch blocks that will prevent the onError function from being called? If yes then you can retool to email you those errors as well ...

BUT that is not your issue.

Try this: put a cfmail tag in your onSessionStart function (at the beginning of the function just in case there is an error that keeps the email from sending) that emails you a notification that a session has started. Just put a datetime stamp in it. This is just to test if indeed the session is starting frequently - every page load is it?
0
 

Author Comment

by:WestCoast_BC
ID: 40223138
I have added a call to cfmail in my onSessionStart. I added a call at the beginning and at the end of onSessionStart and I get both emails.  CFMail is being called on every page load.
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 40223164
Did you test whether or not your are able to save cookies?

Try doing a <cfdump var="#cookie#">
Do you see the session cookies?
Do they also change every page?
0
 

Author Comment

by:WestCoast_BC
ID: 40223206
I am setting session variables and they change on every page.

I am testing this by doing the following:
<cfset session.testval= now()>

and I include this in my email.  The value is changing with each page load
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 40223242
Depends on where you put that line..
   <cfset session.testval= now()>

If you put it in onRequestStart on on your page, then it should change, if you put it in onSessionStart then it should not change as onSessionStart should not be called every page view... but I think we determined that is is.

I am curious about the value of your CFIDE CFTOKEN values stored in the cookie, what happens when you dump the cookies?    If you have cookies off, your session will not work.
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40223253
These are your settings right?
<cfset THIS.ApplicationTimeout = CreateTimeSpan(0,4,0,0) />
<cfset THIS.SESSIONTIMEOUT = CreateTimeSpan(0,2,0,0) />
<cfset THIS.clientmanagement = true />
<cfset THIS.SessionManagement = true />
<cfset THIS.SetClientCookies = true />      
<cfset THIS.Scriptprotect = 'none' />

AND you've added a name attribute?
<cfset This.NAME="whatever">
0
 

Author Comment

by:WestCoast_BC
ID: 40223285
Yes, I have this.name set.

session.cfid and session.cftoken value changes with each page load
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40223287
>>session.cfid and session.cftoken value changes with each page load<<
which indicates a new session ??? weird ...

just re-install CF
I know this stuff can get interesting but that is my advice for quickest at this point - I said that earlier too so actually before this point.

It doesn't take long to re-install CF ...
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 40223296
Did you check the cookies or are you ignoring my comments?
0
 

Author Comment

by:WestCoast_BC
ID: 40223316
Sorry, I forgot about dumping the cookies.

I just dumped the cookies.  Here is what I get:


struct
AreCookiesEnabled      614
BPREVIEWMODE      0
CFADMIN_LASTPAGE_ADMIN      /CFIDE/administrator/debugging/index.cfm
CFAUTHORIZATION_cfadmin      YWRtaW4NNUJBQTYxRTRDOUI5M0YzRjA2ODIyNTBCNkNGODMzMUI3RUU2OEZEOA1jZmFkbWlu
CFCUEMAIL      sample@website.com
CFCUNAME      49
CFCUUID      513DAA6D-2E2B-446C-8EC71E4C5F9A5EC4
CFID      59252
CFID      59252
CFTOKEN      82450354
CFTOKEN      82450354
CF_CLIENT_ADREFLEX_SITE      {'USERID':1,'CUSTOMERID':'DA6FCB12-02-16-10','USERNAME':'sample@website.com'}
CF_CLIENT_ADREFLEX_SITE_HC      44
CF_CLIENT_ADREFLEX_SITE_LV      1406215565779
CF_CLIENT_ADREFLEX_SITE_TC      1406210011006
CHECKSESSION      0
CKFinder_Path      :/:1
CKFinder_Settings      TNNDS
RAILO_ADMIN_LANG      en
RAILO_ADMIN_LASTPAGE      debugging.logs
TimeZone      -08:00
TimeZone      -08:00
__atuvc      0|26,0|27,0|28,0|29,6|30
isDST      1
isDST      1
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 40223337
you have two CFID and two CFTOKEN values set in the cookies, which tends to lead to the idea that you are setting cookies manually (or maybe ralio is).   Search your code for a CFHEADER or SET_COOKIE  or CFCOOKIE command to see.

Also, do you have only one version of ColdFusion running?   Are you doing any load balancing?

You may want to switch to jsession  which will no longer use those values - this is a simple setting in the CFIDE/administrator and should not harm your code at all unless you are manually using the CFID / CFTOKEN values.
0
 

Author Comment

by:WestCoast_BC
ID: 40223367
Thanks, I manually deleted the cfid and cftoken values in the cookie and it seems to be working.  Thank you!
0
 
LVL 25

Expert Comment

by:dgrafx
ID: 40223394
good job gdemaria
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

PROBLEM:  How to open a cfwindow or run a function on double click of a cfgrid row. One of my clients wanted to be able to double click on a row item to get more detailed information about a transaction and to be able to modify the line items i…
CFGRID Custom Functionality Series -  Part 1 Hi Guys, I was once asked how it is possible to to add a hyperlink in the cfgrid and open the window to show the data. Now this is quite simple, I have to use the EXT JS library for this and I achiev…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video discusses moving either the default database or any database to a new volume.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now