Session Variables not being retained

[Davo67]

Hi
I have a client with several people accessing my application. I'm detecting and preventing multiple logins by setting an application variable using a user UUID. The problem is with session variables which as soon as they login in (<CFSET session.loggedin =True>) and the application variable is set, the machine loses the session variable immediately. The application.cfm detects that they are no longer logged in and kicks them out. They try and log in again but application.cfm detects that they are already logged in so that can't get in. This is happening everytime.

They are going through a (slow)proxy server. Is this affecting the sessions with multiple machines accessing the same application?. Any ideas PLEASE!!! I'm getting desparate. (

I took the login from a tutorial, can't remember which one though.

ps I'm very new to this so tips on variable scoping would help.

Many thanks

Here's my application.cfm page

<CFAPPLICATION NAME=&quot;MyApplication&quot; SESSIONMANAGEMENT=&quot;Yes&quot;
SETCLIENTCOOKIES=&quot;No&quot; SESSIONTIMEOUT=&quot;#CreateTimeSpan(0,0,30,0)#&quot;
APPLICATIONTIMEOUT=&quot;#CreateTimeSpan(0,0,30,0)#&quot;>
<CFPARAM NAME=&quot;session.LoggedIn&quot; DEFAULT=&quot;FALSE&quot;>
<CFSET APPTIMESPAN = #CREATETIMESPAN(0,0,30,0)#>
<!-- If the user is not logged in yet -->
<CFIF #SESSION.LOGGEDIN# IS &quot;FALSE&quot;>
<!-- ... and not currently on the login pages, or the forgotten password page -->
<CFIF (CGI.SCRIPT_NAME IS NOT &quot;/lt/logontry.cfm&quot AND (CGI.SCRIPT_NAME IS NOT &quot;/lt/logout.cfm&quot>
<SCRIPT LANGUAGE=&quot;JavaScript&quot;>
alert(&quot;The system has detected an invalid login or your session on this machine has timed out. You will be prompted for your login/password again.&quot;
self.location='login.html';
</SCRIPT>
</CFIF>
<CFELSE>

<!-- this will reset the time stamp every time the user accesses a non-login related page, to keep track of his activity. -->
<CFIF (CGI.SCRIPT_NAME IS NOT &quot;/lt/logontry.cfm&quot AND (CGI.SCRIPT_NAME IS NOT &quot;/lt/logout.cfm&quot>
<CFSET APPLICATION.USERSLOGGEDIN[&quot;#session.UuiD#&quot;].TIMECREATED = NOW()>
</CFIF>
</CFIF>

 

[CFDude]

First, I would make sure that you are using cflock around all your reads/writes to session and application variables, not having that could cause some problems.
e.g
<cflock scope=&quot;Application&quot; type=&quot;Exclusive&quot; timeout=&quot;5&quot;>
<CFSET APPLICATION.USERSLOGGEDIN[&quot;#session.UuiD#&quot;].TIMECREATED = NOW()>
</cflock>

I don't see the code where you set the session.uuid or the session.loggedin = true -- if you could post that part it may help.

I have seen problems with some proxy servers with session variables. You could try setting the variables as client cookies -- that has always fixed it for me.

 

[Davo67]

CFDUDE

Thanks for the tip about cookies and cflock.
Here's the page to set sessions. Cheers for spending the time looking at this, i really appreciate it.
Sorry it's very long.

logontry.cfm


<CFSET SESSION.LOGGEDIN = FALSE>
<CFSET fname = form.fname>
<CFSET lname = form.lname>
<CFSET school = form.school>
<CFSET group = form.group>
<CFSET password = form.password>

<CFQUERY NAME=&quot;CheckUser&quot; DATASOURCE=&quot;gnvq2&quot;>
SELECT * FROM maindb
WHERE
fname = '#fname#' AND
lname = '#lname#' AND
school = '#school#' AND
groupC = '#group#'
</CFQUERY>

<!-- Is the user present in the database? -->
<CFIF CHECKUSER.RECORDCOUNT GREATER THAN 0>

<!--- Passwords are not case-sensitive in this application (use Compare() if you want to enable case sensitivity) --->
<CFIF CHECKUSER.PASSWORD IS FORM.PASSWORD>
<CFSET SESSION.UUID = CHECKUSER.UUID>
<!-- Does the application structure exist? If not, create one -->
<CFIF #ISDEFINED(&quot;application.UsersLoggedin&quot# IS FALSE>

<CFSET APPLICATION.USERSLOGGEDIN=STRUCTNEW()>
</CFIF>

<CFSET USERIDATDOOR = CHECKUSER.UUID>
<!-- Is there a user already using this login? -->
<CFIF #STRUCTKEYEXISTS(APPLICATION.USERSLOGGEDIN, USERIDATDOOR)# IS TRUE>
<!-- If so, we check if the session is 'virtually' timed out -->
<CFSET ENDTIME = #APPLICATION.USERSLOGGEDIN[USERIDATDOOR].TIMECREATED# + #APPTIMESPAN#>
<CFIF #DATECOMPARE(&quot;#Now()#&quot;, &quot;#EndTime#&quot# IS 1>
<!-- If the application variable is timed out then we delete the user from the structure, to leave some room for the new user -->
<CFOUTPUT>
<CFSCRIPT>
StructDelete(application.UsersLoggedin, #CheckUser.UUID#, true);
</CFSCRIPT>
</CFOUTPUT>

<!-- These Session variables are used to control the login validity through the application using the application.cfm -->
<CFSET SESSION.LOGGEDIN = TRUE>
<CFSET SESSION.UUID = CHECKUSER.UUID>
<CFSET session.alevel = checkuser.alevel>
<CFSET session.school = checkuser.school>
<CFSET session.name=checkuser.fname & &quot; &quot; & checkuser.lname>
<!-- We then add the current user session structure to the Application structure -->
<CFSET APPLICATION.USERSLOGGEDIN[&quot;#session.UUID#&quot;] = SESSION>
<!-- We add a time stamp to determinate the approximate timeout in case of an unexpected departure of the user -->
<CFSET APPLICATION.USERSLOGGEDIN[&quot;#Session.UUID#&quot;].TIMECREATED = NOW()>

<CFELSE>
<!-- If the session of the user currently logged in is not over, we display a message -->
<CFOUTPUT>
<CFIF #DATEDIFF(&quot;n&quot;, &quot;#Now()#&quot;, &quot;#EndTime#&quot# LT 1>
<CFSET MINUTESLEFT = 'LESS THAN ONE'>
<CFELSE>
<CFSET MINUTESLEFT = #DATEDIFF(&quot;n&quot;, &quot;#Now()#&quot;, &quot;#EndTime#&quot#>
</CFIF>
<CFSET REASON = &quot;: \n\n1- User #CheckUser.UUID# is already logged-in.\n2- OR you have terminated your last session abnormaly (e.g. your computer crashed).\n\nThis account will be unlocked in: #MinutesLeft# minute(s) from now.\n\nTo obtain more licenses, please contact our sales team.&quot;>
</CFOUTPUT>
</CFIF>

<!-- if we don't detect any user already logged in with the same login, we give the user access to the application -->
<CFELSE>
<!-- These Session variables are used to control the login validity through the application using the application.cfm -->
<CFSET SESSION.LOGGEDIN = TRUE>
<CFSET SESSION.UUID = CHECKUSER.UUID>
<CFSET session.alevel = checkuser.alevel>
<CFSET session.school = checkuser.school>
<CFSET session.name=checkuser.fname & &quot; &quot; & checkuser.lname>
<!-- We then add the current user session structure to the Application structure -->
<CFSET APPLICATION.USERSLOGGEDIN[&quot;#session.UUID#&quot;] = SESSION>
<!-- We add a time stamp to determinate the approximate timeout in case of an unexpected departure of the user -->
<CFSET APPLICATION.USERSLOGGEDIN[&quot;#Session.UUID#&quot;].TIMECREATED = NOW()>

</CFIF>

<!-- if the password was incorrect -->
<CFELSE>
<CFSET REASON = &quot;the password you\'ve typed is invalid. Try again&quot;>
</CFIF>

<!-- if the username was not present in the database -->
<CFELSE>
<CFOUTPUT>
<CFSET REASON = 'I COULD NOT FIND A USER NAMED #FORM.fname# #form.lname# HERE.'>
</CFOUTPUT>
</CFIF>

<!-- If the user is authenticated we transfer him/her to the homepage -->
<CFIF SESSION.LOGGEDIN>

<SCRIPT LANGUAGE=&quot;JavaScript&quot;>
self.location ='testpopup.html';
</SCRIPT>

<!-- If not we transfer the user to the login page -->
<CFELSE>
<CFOUTPUT>
<SCRIPT>
alert(&quot;Sorry! Your login was unsuccessful because #Reason#&quot;
self.location=&quot;login.html&quot;;
</SCRIPT>
</CFOUTPUT>

</CFIF>