CFBuilder admin storage 

15cdb5dcb6.jpg

Application.cfm 

34ed7586e1.jpg

Login.cfm

    <cfif not isDefined('FORM.submitButton')>
        <cfform name="loginForm" method="post" action="#CGI.SCRIPT_NAME#">
            Login: <cfinput type="text" name="login" required="yes">
            Password: <cfinput type="password" name="password" required="yes">
            <br>
            <cfinput type="submit" name='submitButton' value="Sign">
            <br>
            <cfinput type="button" name='registerButton' value="Register">
        </cfform>
    <cfelse>
        <cfquery name='getUser' datasource="dbfortest">
            SELECT * FROM usertable WHERE login="#FORM.login#" ;
        </cfquery>
        <cfif getUser.RecordCount NEQ 0>
            <cfif FORM.password eq getUser.password>
                <cflock scope="Session" timeout="60" type="exclusive" >
                    <cfset Session.loggedIn = "yes">
                    <cfset Session.user = "#FORM.login#">
                </cflock>
                <cfoutput>#StructKeyList(Session)#</cfoutput>
            <cfelse>
                Your pass isn't correct.
            </cfif>
        <cfelse>
            There is no user with this name.
        </cfif>
    </cfif>

Part of the page where I want to include the login:

    <cfif Session.loggedIn eq "no">
        <cfinclude template="login.cfm">
    </cfif>
    <cfif structKeyExists(session, "user")>
        <cfoutput>Welcome, #Session.user#.</cfoutput>
    </cfif>
    <cfoutput>#StructKeyList(Session)#</cfoutput>

Hello everyone, please help me understand these sessions' behavior. The whole problem consists in attempting to pass variables from one page to another. So after login I don't see the session.user in the session struct. How can I pass this? I have already tried different browsers.

2 Answers

  • To figure out what's going on with the session variables, try putting in some debug code right after your cfset session statements to make sure that they're happening. Maybe <cfdump var="#session#">.
  • You do not need to cflock your session scope (and have not needed to since CFMX). See Adam Cameron's 2013 post on when to lock scopes.
  • If your debug code runs and you see the session variables, but then they're gone on the next page, that may be an issue with your session storage (which is a different part of cfadmin) or else whatever front-end webserver you're using. Try <cfdump var="#session#"> in onRequestStart in Application.cfc and make sure that JSESSIONID is the same on every request. (or try disabling J2EE session variables in CFADMIN and see if the same problem persists with CFID/CFTOKEN).
  • If your debug code doesn't run, then you should be seeing one of your error conditions.
  • For ease-of-reading, be consistent in your casing when referring to scopes, e.g. session not Session. While this kind of thing may not matter functionally, it can get you into trouble with portability when referencing paths or components.

Some other issues:

  • If you are going to use a boolean value for loggedIn then use a boolean value: true or false or 1 or 0 or (if you must) yes or no but not "yes" which is a string; instead of being able to do if (session.loggedIn) you will have to do if (session.loggedIn == 'yes') and nobody will be happy.
  • If this is meant to be working, production site code, at a minimum you need to be using cfqueryparam as you do not ever want to pass unescaped user input directly to a database query.
  • You might also head over to the CFML slack at cfml.slack.com and ask on #cfml-beginners for some pointers on writing login forms.
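The points raised in the answer above (cfqueryparam, a real boolean for loggedIn, no cflock), applied to the asker's login handler as an added example that is not part of the original answer or the asker's code. It keeps the page's datasource `dbfortest` and table `usertable`; the `cf_sql_varchar` type, the `maxlength` of 64 and the single failure message are assumptions.

```cfml
<!--- Added example. Assumes usertable(login, password) as in the question;
      column type and maxlength below are assumptions, adjust to the real schema. --->

<!--- Including page: give the flag a boolean default before testing it --->
<cfparam name="session.loggedIn" default="false" type="boolean">
<cfif NOT session.loggedIn>
    <cfinclude template="login.cfm">
</cfif>

<!--- login.cfm, form-handling branch --->
<cfif structKeyExists(form, "submitButton")>
    <cfquery name="getUser" datasource="dbfortest">
        SELECT login, password
        FROM usertable
        <!--- Bound parameter: form.login is sent as data, never spliced into the SQL text --->
        WHERE login = <cfqueryparam value="#form.login#"
                                    cfsqltype="cf_sql_varchar"
                                    maxlength="64">
    </cfquery>

    <!--- EQ compares strings case-insensitively in CFML; compare() is case-sensitive
          and returns 0 only on an exact match. The plaintext comparison itself is
          kept from the question's schema. --->
    <cfif getUser.recordCount EQ 1
          AND compare(form.password, getUser.password) EQ 0>
        <!--- No cflock needed; a real boolean lets callers write <cfif session.loggedIn> --->
        <cfset session.loggedIn = true>
        <!--- Store the value from the database row, not the raw form field --->
        <cfset session.user = getUser.login>
    <cfelse>
        <cfset session.loggedIn = false>
        <!--- One message for both failures, so the response does not
              reveal which logins exist --->
        Login failed.
    </cfif>
</cfif>
```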

4 Comments

"If this is meant to be working, production site code, at a minimum you need to be using cfqueryparam as you do not ever want to pass unescaped user input directly to a database query." <<< This can't be repeated enough.
Thx for the answer, I'll try it. And ofc it's not production site code, absolutely without protection. It's my way to learn CF.
Thx again, it gave me an understanding of what is going on. So now it's all working ok besides the fact that after login I have a session.user variable only after refreshing the page. Maybe smb can give some advice for corrections?)
While it will add to the learning curve, I would suggest you start as early as possible with an MVC framework. Nobody writes CF code like this anymore, even in the classroom, and it'll get you into some bad habits. Check out Coldbox from Ortus - it's free, there is help on the Slack channel for #box-products, and while it will be more daunting initially you will skip an entire portion of your CF career that would otherwise be spent writing procedural soup. Separating handlers from views and controlling your scopes like session in the right places makes it a lot easier.

@Aquitaine has given you some good information. I just wanted to also point out that another part of your problem is likely that you have set a 10 second life span for your sessions. That's probably not long enough.

In the Application.cfm example that you posted you have this line:

sessiontimeout="#createTimespan(0,0,0,10)#" 

The arguments for the CreateTimeSpan function are as follows:

createTimespan(days, hours, minutes, seconds) 

As such you are assigning a 10 second lifespan for sessions. Perhaps you meant to set 10 minutes instead of 10 seconds.

1 Comment

Thx, it was only an attempt to change the behavior so I'd just tried it =) I understand about time values ^_^)
