Possible Bug: 4.5.1.022 may break deserializeJSON( <db stored session> )

For reasons that are somewhat complicated (basically that sessionRotate
doesn’t work properly when sessions are stored in a database and
sessionCluster=true), we need to read old session data from the database,
then deserialize it:

query name=“getOldSession” datasource=“session_datasource” {
echo("SELECT data FROM cf_session_data
WHERE cfid = “);
queryparam value=arguments.strPreviousCfid sqltype=“varchar”;
echo(” AND name = ");
queryparam value=arguments.strApplicationName sqltype=“varchar”;
}

var oldSession = deserializeJson(getOldSession.data);

This worked until we upgraded to 4.5.1.022, when the following error occurs:

Invalid Syntax Closing [}] not found
at lucee.runtime.interpreter.CFMLExpressionInterpreter.functionArg(CFMLExpressionInterpreter.java:1443):1443
at lucee.runtime.interpreter.CFMLExpressionInterpreter.json(CFMLExpressionInterpreter.java:980):980
at lucee.runtime.interpreter.CFMLExpressionInterpreter.checker(CFMLExpressionInterpreter.java:949):949
at lucee.runtime.interpreter.CFMLExpressionInterpreter.clip(CFMLExpressionInterpreter.java:909):909
at lucee.runtime.interpreter.CFMLExpressionInterpreter.negateMinusOp(CFMLExpressionInterpreter.java:897):897
at lucee.runtime.interpreter.CFMLExpressionInterpreter.unaryOp(CFMLExpressionInterpreter.java:850):850
at lucee.runtime.interpreter.CFMLExpressionInterpreter.expoOp(CFMLExpressionInterpreter.java:839):839
at lucee.runtime.interpreter.CFMLExpressionInterpreter.divMultiOp(CFMLExpressionInterpreter.java:805):805
at lucee.runtime.interpreter.CFMLExpressionInterpreter.modOp(CFMLExpressionInterpreter.java:788):788
at lucee.runtime.interpreter.CFMLExpressionInterpreter.plusMinusOp(CFMLExpressionInterpreter.java:655):655
at lucee.runtime.interpreter.CFMLExpressionInterpreter.concatOp(CFMLExpressionInterpreter.java:637):637
at lucee.runtime.interpreter.CFMLExpressionInterpreter.decsionOp(CFMLExpressionInterpreter.java:438):438
at lucee.runtime.interpreter.CFMLExpressionInterpreter.notOp(CFMLExpressionInterpreter.java:423):423
at lucee.runtime.interpreter.CFMLExpressionInterpreter.andOp(CFMLExpressionInterpreter.java:394):394
at lucee.runtime.interpreter.CFMLExpressionInterpreter.orOp(CFMLExpressionInterpreter.java:376):376
at lucee.runtime.interpreter.CFMLExpressionInterpreter.xorOp(CFMLExpressionInterpreter.java:358):358
at lucee.runtime.interpreter.CFMLExpressionInterpreter.eqvOp(CFMLExpressionInterpreter.java:341):341
at lucee.runtime.interpreter.CFMLExpressionInterpreter.impOp(CFMLExpressionInterpreter.java:324):324
at lucee.runtime.interpreter.CFMLExpressionInterpreter.contOp(CFMLExpressionInterpreter.java:293):293
at lucee.runtime.interpreter.CFMLExpressionInterpreter.assignOp(CFMLExpressionInterpreter.java:277):277
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:205):205
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:182):182
at lucee.runtime.functions.conversion.DeserializeJSON.call(DeserializeJSON.java:53):53
at lucee.runtime.functions.conversion.DeserializeJSON.call(DeserializeJSON.java:50):50

Now, isJSON(getOldSession.data) returns false.

As best I can tell, the issues are:

  1. Sessions stored in the database use single quotes to denote strings
    instead of double quotes. I can work around this by replacing the quotes.
  2. Some of the date-based variables are stored as:
    ‘startDate’:createDateTime(2015,7,7,9,12,8,570,“EST5EDT”), which is also
    causing errors. This is more complicated to workaround.

This error only started after the 4.5.1.022 update.

Is there another way to access and deserialize session data stored in the
database?

Thanks,

Juan

What we need is the Json string passed into the function.? So best to the
following around the deserialize call

Try{
var oldSession = deserializeJson(getOldSession.data);
}
Catch(e){echo(getOldSession.data);abort;}

MichaAm Dienstag, 7. Juli 2015 schrieb Juan Aguilar :

For reasons that are somewhat complicated (basically that sessionRotate
doesn’t work properly when sessions are stored in a database and
sessionCluster=true), we need to read old session data from the database,
then deserialize it:

query name=“getOldSession” datasource=“session_datasource” {
echo("SELECT data FROM cf_session_data
WHERE cfid = “);
queryparam value=arguments.strPreviousCfid sqltype=“varchar”;
echo(” AND name = ");
queryparam value=arguments.strApplicationName sqltype=“varchar”;
}

var oldSession = deserializeJson(getOldSession.data);

This worked until we upgraded to 4.5.1.022, when the following error
occurs:

Invalid Syntax Closing [}] not found
at lucee.runtime.interpreter.CFMLExpressionInterpreter.functionArg(CFMLExpressionInterpreter.java:1443):1443
at lucee.runtime.interpreter.CFMLExpressionInterpreter.json(CFMLExpressionInterpreter.java:980):980
at lucee.runtime.interpreter.CFMLExpressionInterpreter.checker(CFMLExpressionInterpreter.java:949):949
at lucee.runtime.interpreter.CFMLExpressionInterpreter.clip(CFMLExpressionInterpreter.java:909):909
at lucee.runtime.interpreter.CFMLExpressionInterpreter.negateMinusOp(CFMLExpressionInterpreter.java:897):897
at lucee.runtime.interpreter.CFMLExpressionInterpreter.unaryOp(CFMLExpressionInterpreter.java:850):850
at lucee.runtime.interpreter.CFMLExpressionInterpreter.expoOp(CFMLExpressionInterpreter.java:839):839
at lucee.runtime.interpreter.CFMLExpressionInterpreter.divMultiOp(CFMLExpressionInterpreter.java:805):805
at lucee.runtime.interpreter.CFMLExpressionInterpreter.modOp(CFMLExpressionInterpreter.java:788):788
at lucee.runtime.interpreter.CFMLExpressionInterpreter.plusMinusOp(CFMLExpressionInterpreter.java:655):655
at lucee.runtime.interpreter.CFMLExpressionInterpreter.concatOp(CFMLExpressionInterpreter.java:637):637
at lucee.runtime.interpreter.CFMLExpressionInterpreter.decsionOp(CFMLExpressionInterpreter.java:438):438
at lucee.runtime.interpreter.CFMLExpressionInterpreter.notOp(CFMLExpressionInterpreter.java:423):423
at lucee.runtime.interpreter.CFMLExpressionInterpreter.andOp(CFMLExpressionInterpreter.java:394):394
at lucee.runtime.interpreter.CFMLExpressionInterpreter.orOp(CFMLExpressionInterpreter.java:376):376
at lucee.runtime.interpreter.CFMLExpressionInterpreter.xorOp(CFMLExpressionInterpreter.java:358):358
at lucee.runtime.interpreter.CFMLExpressionInterpreter.eqvOp(CFMLExpressionInterpreter.java:341):341
at lucee.runtime.interpreter.CFMLExpressionInterpreter.impOp(CFMLExpressionInterpreter.java:324):324
at lucee.runtime.interpreter.CFMLExpressionInterpreter.contOp(CFMLExpressionInterpreter.java:293):293
at lucee.runtime.interpreter.CFMLExpressionInterpreter.assignOp(CFMLExpressionInterpreter.java:277):277
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:205):205
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:182):182
at lucee.runtime.functions.conversion.DeserializeJSON.call(DeserializeJSON.java:53):53
at lucee.runtime.functions.conversion.DeserializeJSON.call(DeserializeJSON.java:50):50

Now, isJSON(getOldSession.data) returns false.

As best I can tell, the issues are:

  1. Sessions stored in the database use single quotes to denote strings
    instead of double quotes. I can work around this by replacing the quotes.
  2. Some of the date-based variables are stored as:
    ‘startDate’:createDateTime(2015,7,7,9,12,8,570,“EST5EDT”), which is also
    causing errors. This is more complicated to workaround.

This error only started after the 4.5.1.022 update.

Is there another way to access and deserialize session data stored in the
database?

Thanks,

Juan


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee%2Bunsubscribe@googlegroups.com’);>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee@googlegroups.com’);>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/a68b2a9e-7d26-4ea1-bf6f-3ceccae3c99c%40googlegroups.com
https://groups.google.com/d/msgid/lucee/a68b2a9e-7d26-4ea1-bf6f-3ceccae3c99c%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

if you store complex objects then you will probably get better results
by using serialize()/evaluate() vs. the JSON functions, as serialize()
can serialize objects that can not be represented in JSON (e.g. CFCs and
Java objects).

Some of the date-based variables are stored as:
‘startDate’:createDateTime(2015,7,7,9,12,8,570,“EST5EDT”), which is
also causing errors. This is more complicated to workaround.

datetime objects should be stored in ISO-8601 format for JSON. that’s
something that we should fix in the serializeJSON() function IMO.

Igal Sapir
Lucee Core Developer
Lucee.org http://lucee.org/On 7/7/2015 11:59 AM, Michael Offner wrote:

What we need is the Json string passed into the function.? So best to
the following around the deserialize call

Try{
var oldSession = deserializeJson(getOldSession.data);
}
Catch(e){echo(getOldSession.data);abort;}

Micha

Am Dienstag, 7. Juli 2015 schrieb Juan Aguilar :

For reasons that are somewhat complicated (basically that
sessionRotate doesn't work properly when sessions are stored in a
database and sessionCluster=true), we need to read old session
data from the database, then deserialize it:

|
query name="getOldSession"datasource="session_datasource"{
 echo("SELECT data FROM cf_session_data
 WHERE cfid = ");
 queryparam value=arguments.strPreviousCfid sqltype="varchar";
 echo(" AND name = ");
 queryparam value=arguments.strApplicationName sqltype="varchar";
}

varoldSession =deserializeJson(getOldSession.data);
|

This worked until we upgraded to 4.5.1.022, when the following
error occurs:

Invalid Syntax Closing [}] not found
at lucee.runtime.interpreter.CFMLExpressionInterpreter.functionArg(CFMLExpressionInterpreter.java:1443):1443
at lucee.runtime.interpreter.CFMLExpressionInterpreter.json(CFMLExpressionInterpreter.java:980):980
at lucee.runtime.interpreter.CFMLExpressionInterpreter.checker(CFMLExpressionInterpreter.java:949):949
at lucee.runtime.interpreter.CFMLExpressionInterpreter.clip(CFMLExpressionInterpreter.java:909):909
at lucee.runtime.interpreter.CFMLExpressionInterpreter.negateMinusOp(CFMLExpressionInterpreter.java:897):897
at lucee.runtime.interpreter.CFMLExpressionInterpreter.unaryOp(CFMLExpressionInterpreter.java:850):850
at lucee.runtime.interpreter.CFMLExpressionInterpreter.expoOp(CFMLExpressionInterpreter.java:839):839
at lucee.runtime.interpreter.CFMLExpressionInterpreter.divMultiOp(CFMLExpressionInterpreter.java:805):805
at lucee.runtime.interpreter.CFMLExpressionInterpreter.modOp(CFMLExpressionInterpreter.java:788):788
at lucee.runtime.interpreter.CFMLExpressionInterpreter.plusMinusOp(CFMLExpressionInterpreter.java:655):655
at lucee.runtime.interpreter.CFMLExpressionInterpreter.concatOp(CFMLExpressionInterpreter.java:637):637
at lucee.runtime.interpreter.CFMLExpressionInterpreter.decsionOp(CFMLExpressionInterpreter.java:438):438
at lucee.runtime.interpreter.CFMLExpressionInterpreter.notOp(CFMLExpressionInterpreter.java:423):423
at lucee.runtime.interpreter.CFMLExpressionInterpreter.andOp(CFMLExpressionInterpreter.java:394):394
at lucee.runtime.interpreter.CFMLExpressionInterpreter.orOp(CFMLExpressionInterpreter.java:376):376
at lucee.runtime.interpreter.CFMLExpressionInterpreter.xorOp(CFMLExpressionInterpreter.java:358):358
at lucee.runtime.interpreter.CFMLExpressionInterpreter.eqvOp(CFMLExpressionInterpreter.java:341):341
at lucee.runtime.interpreter.CFMLExpressionInterpreter.impOp(CFMLExpressionInterpreter.java:324):324
at lucee.runtime.interpreter.CFMLExpressionInterpreter.contOp(CFMLExpressionInterpreter.java:293):293
at lucee.runtime.interpreter.CFMLExpressionInterpreter.assignOp(CFMLExpressionInterpreter.java:277):277
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:205):205
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:182):182
at lucee.runtime.functions.conversion.DeserializeJSON.call(DeserializeJSON.java:53):53
at lucee.runtime.functions.conversion.DeserializeJSON.call(DeserializeJSON.java:50):50


Now, isJSON(getOldSession.data) returns false.

As best I can tell, the issues are:

 1. Sessions stored in the database use single quotes to denote
    strings instead of double quotes. I can work around this by
    replacing the quotes.
 2. Some of the date-based variables are stored as:
    'startDate':createDateTime(2015,7,7,9,12,8,570,"EST5EDT"),
    which is also causing errors. This is more complicated to
    workaround.

This error only started after the 4.5.1.022 update.

Is there another way to access and deserialize session data stored
in the database?

Thanks,

Juan

-- 
You received this message because you are subscribed to the Google
Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,'cvml','lucee%2Bunsubscribe@googlegroups.com');>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,'cvml','lucee@googlegroups.com');>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/a68b2a9e-7d26-4ea1-bf6f-3ceccae3c99c%40googlegroups.com
<https://groups.google.com/d/msgid/lucee/a68b2a9e-7d26-4ea1-bf6f-3ceccae3c99c%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+unsubscribe@googlegroups.com
mailto:lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com
mailto:lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/CAG%2BEEByYHh%2B51j-C4NkoPGtY%3DwpdTOT_GEX%3D1jFD-S7UcmZ6cA%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CAG%2BEEByYHh%2B51j-C4NkoPGtY%3DwpdTOT_GEX%3D1jFD-S7UcmZ6cA%40mail.gmail.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Good point, Micha.

I stepped up from 4.5.1.000 to 4.5.1.022 and the bug (or change in
behavior, upon closer inspection) was introduced between 4.5.1.020 and
4.5.1.022.

This worked prior to 4.5.1.022:


{‘rb’:‘en_US’,‘rememberMe’:0,‘remote_addr’:‘127.0.0.1’,‘mura’:{‘lname’:’’,‘showTrace’:‘false’,‘userID’:’’,‘company’:’’,‘ChangesetPreviewData’:’’,‘subtype’:‘Default’,‘lastlogin’:’’,‘membershipids’:’’,‘csrfsecretkey’:‘0B2EFE1E-D4C3-4935-8B55806A7F4EB4CF’,‘isLoggedIn’:‘false’,‘siteID’:’’,‘fname’:’’,‘csrfusedtokens’:{},‘password’:’’,‘remoteID’:’’,‘username’:’’,‘memberships’:’’,‘email’:’’,‘passwordCreated’:’’,‘requestcount’:54},‘timecreated’:createDateTime(2015,7,7,13,11,8,11,“America/New_York”),‘loginAttempts’:0,‘siteid’:‘portal’,‘trackingID’:‘6B2FDB24-EBD6-489C-A04D9F9F214165E4’,‘dateKey’:’

‘,‘locale’:‘en_US’,‘foundeo_firewall_ip’:‘127.0.0.1’,‘localeHasDayParts’:10,‘dateKeyFormat’:‘MM/DD/YYYY’,‘userFilesPath’:’/portal/assets/’,‘blockLoginUntil’:’’,‘foundeo_firewall_ua’:‘Mozilla/5.0
(Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/43.0.2357.130
Safari/537.36’,‘sessionid’:‘testsite_b639477c-d061-45d5-938e-08c7f00203cc_0’,‘lastvisit’:createDateTime(2015,7,7,14,38,57,523,“America/New_York”)}

try { dump(isJSON(sessiondata)); dump(DeserializeJSON(sessiondata)); } catch (Any excpt) { dump(excpt); }

(As you can see, it’s mostly session data from a Mura instance, with some
FuseGuard stuff in there, too.)

Looking at Igal’s reply below, I see that part of my mistake was in
assuming that the session data was being stored as JSON. Now I see that
it’s not. So, this does work, instead:

try { dump(isJSON(sessiondata)); dump(Evaluate(sessiondata)); } catch (Any excpt) { dump(excpt); }

Bottom line is that something changed from 4.5.1.020 to 4.5.1.022 and it’s
probably for the better but it definitely broke something that was working
before!

Thanks for your kind and prompt assistance.

Juan>