Link to home
Start Free TrialLog in
Avatar of WestCoast_BC
WestCoast_BCFlag for Canada

asked on

Can someone explain to me how session variables work

I have created a website using Coldfusion. I use a session variable to store information about a user when they login.  My application.cfc has sessionmanagement set to true.

I am finding that sometimes (and it is intermittent) that when a user navigates to a different page within the same website that they are automatically logged out. It seems to me that the session variables is reset. I am struggling to figure out what is going on. Any advice regarding what to look for is appreciated.
Avatar of dgrafx
dgrafx
Flag of United States of America image

Note that IF the session has timed out then a user clicks a link taking them to another page then when they arrive at the other page they will be logged out. That is normal.
But it seems like you mean something else from that like it logs out right in the middle of navigating to various pages.
Also, you could always check the sessiontimeout in your settings. If you don't have a setting I believe the default in the CF Administrator is 20 minutes.

Review this link in the docs to make sure you are doing everything you should be doing.
https://helpx.adobe.com/coldfusion/developing-applications/developing-cfml-applications/using-persistent-data-and-locking/configuring-and-using-session-variables.html 

Good luck ...
Avatar of WestCoast_BC

ASKER

My sessiontimeout is set to 20.

You are right, my problem does not occur from timing out. It is happening while a user is navigating to various pages. For example, the first time a user goes to a page it will work fine but then the next time the user goes to the same page they are suddenly not logged in.

Please note that I am not using CFLogin but instead wrote my own login code.

I have not been very good about surrounding my code that reads/writes session variables with CFLock. Could this be my problem? I will add CFLock everywhere I access session variables. 
You only need cflock around session vars when setting them not reading them.

can you post your login and session setting code please?
Is the requirement to only need cflock around setting session variables new? I was reading: CFLock Article and it seems to me that I need to surround session variable read and writes with CFLock. Am I incorrect?

My login is just a form where the user enters their user name and password. If the login information is correct I do:
<cfset session.userid = getUser.userid>

getUser is a query into my database that retrieves the logged in user's id value.
Also, if I use CFLocation with AddToken="false" could this also cause my problem?

ASKER CERTIFIED SOLUTION
Avatar of dgrafx
dgrafx
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I am using CFLocation in some of my code. I don't think it is used in the times when I have experienced my problem. I am thinking that I may have some sort of race condition and I am hoping that by surrounding my setting of session variable with <cflock timeout=20 scope="Session" type="Exclusive"> .. </cflock> that my problem will be solved.
So post again if you continue to experience the problem.
Good luck ...