Session variables not persisting

Stuck here, and it is making me go mad.

The problem is with session variables. I have a local installation of Lucee on my laptop, where everything works fine. However, when I sent the project up to my host server, it refuses to store any session variable changes.

I have 5.2.9.31 on my laptop and 5.3.2.77 on my server. Has something changed with setting session variables?

The code does the following:

Root dir:
index.cfm
application.cfc

The application.cfc file has a cfswitch tag inside OnRequest - this then changes a variable defined inside a template tag on the index page.

Navigation is done with the url.page value. So, starting out, you are on index.cfm?page=login

I have a link with ?page=login_force that triggers a template file with:

<cfset session.online = 1>
<cflocation url="?page=dashboard">

This method works on my laptop. I can click the link and it sets session.online to 1 and sends you to the dashboard page. But on the host server it just sends you back to ?page=login

I have spent the entire day today reinstalling Ubuntu web server, going down the Apache connector route, thinking that the server I have is probably being weird (this is not a production server), only to find that the problem is still there =S. I am so confused, and defeated lol

The domain is under Cloudflare as well, so not sure if that is doing something.

Any help would be amazing and much appreciated.

Here is my application.cfc

<cfcomponent
    displayname="umbrella_c"
    output="true"
    hint="Handle the application.">


    <!--- Set up the application. --->
    <cfset this.Name = "umbrella_c" />
    <cfset this.ApplicationTimeout = CreateTimeSpan( 0, 0, 2, 0 ) />
    <cfset this.sessionTimeout = CreateTimeSpan( 0, 0, 60, 0 ) />
    <cfset this.SessionManagement = true />
    <cfset this.SetClientCookies = false />


    <!--- Define the page request properties. --->
    <cfsetting
        requesttimeout="20"
        showdebugoutput="true"
        enablecfoutputonly="false"
        />


    <cffunction
        name="OnApplicationStart"
        access="public"
        returntype="boolean"
        output="false"
        hint="Fires when the application is first created.">

        <!--- Return out. --->
        <cfreturn true />
    </cffunction>


    <cffunction
        name="OnSessionStart"
        access="public"
        returntype="void"
        output="false"
        hint="Fires when the session is first created.">

        <cfparam name="session.online" default="0">

        <!--- Return out. --->
        <cfreturn />
    </cffunction>


    <cffunction
        name="OnRequestStart"
        access="public"
        returntype="boolean"
        output="false"
        hint="Fires at first part of page processing.">

        <!--- Define arguments. --->
        <cfargument
            name="TargetPage"
            type="string"
            required="true"
            />

        <cfparam name="url.page" default="dashboard">

        <!--- Return out. --->
        <cfreturn true />
    </cffunction>


    <cffunction
        name="OnRequest"
        access="public"
        returntype="void"
        output="true"
        hint="Fires after pre page processing is complete.">

        <!--- Define arguments. --->
        <cfargument
            name="TargetPage"
            type="string"
            required="true"
            />

        <cfparam name="themeActive" default="1">

        <cfswitch expression="#url.page#">
            <cfcase value="login">
                <cfset themeActive = 0>
                <cfset pageTitle = "Login">
                <cfset thisTemplate = "inc/login.cfm">
            </cfcase>
            <cfcase value="login_help">
                <cfset themeActive = 0>
                <cfset pageTitle = "Login Help">
                <cfset thisTemplate = "inc/login_help.cfm">
            </cfcase>
            <cfcase value="login_force">
                <cfset themeActive = 0>
                <cfset pageTitle = "Login Force">
                <cfset thisTemplate = "inc/login_force.cfm">
            </cfcase>
            <cfcase value="logout">
                <cfset themeActive = 0>
                <cfset pageTitle = "Logout">
                <cfset thisTemplate = "inc/logout.cfm">
            </cfcase>
            <cfcase value="dashboard">
                <cfset pageTitle = "Dashboard">
                <cfset thisTemplate = "inc/display_all.cfm">
            </cfcase>
            <cfdefaultcase>
                <cflocation url="?page=dashboard" addtoken="false">
            </cfdefaultcase> 
        </cfswitch>

        <!--- Include the requested page. --->
        <cfinclude template="#ARGUMENTS.TargetPage#" />

        <cfif url.page eq "login" or url.page eq "login_help">
            <cfif session.online eq 1>
                <cflocation url="?page=dashboard" addtoken="false">
            </cfif>
        <cfelse>
            <cfif session.online eq 0>
                <cflocation url="?page=login" addtoken="false">
            </cfif>
        </cfif>

        <!--- Return out. --->
        <cfreturn />
    </cffunction>


    <cffunction
        name="OnRequestEnd"
        access="public"
        returntype="void"
        output="true"
        hint="Fires after the page processing is complete.">

        <!--- Return out. --->
        <cfreturn />
    </cffunction>


    <cffunction
        name="OnSessionEnd"
        access="public"
        returntype="void"
        output="false"
        hint="Fires when the session is terminated.">

        <!--- Define arguments. --->
        <cfargument
            name="SessionScope"
            type="struct"
            required="true"
            />

        <cfargument
            name="ApplicationScope"
            type="struct"
            required="false"
            default="#StructNew()#"
            />

        <!--- Return out. --->
        <cfreturn />
    </cffunction>


    <cffunction
        name="OnApplicationEnd"
        access="public"
        returntype="void"
        output="false"
        hint="Fires when the application is terminated.">

        <!--- Define arguments. --->
        <cfargument
            name="ApplicationScope"
            type="struct"
            required="false"
            default="#StructNew()#"
            />

        <!--- Return out. --->
        <cfreturn />
    </cffunction>

</cfcomponent>

Do the cookies change between requests?

I have an if statement to find out if session.online has changed to 1 and not default 0, so the if statement keeps sending me back to the login page, meaning the session.online variable is not being updated.

Here is an example: REDACTED LINK

Edit - that link may not work as I am working on moving away from Cloudflare. This one will likely work: REDACTED LINK

Edit, Edit - got it working, but only if I place <cfset session.online = 0> in the inc/login.cfm page template.

Very weird…

Found it!

It was this:

        <cfif url.page eq "login" or url.page eq "login_help">
            <cfif session.online eq 1>
                <cflocation url="?page=dashboard" addtoken="false">
            </cfif>
        <cfelse>
            <cfif session.online eq 0>
                <cflocation url="?page=login" addtoken="false">
            </cfif>
        </cfif>

Found at the bottom of OnRequest - I was sending ?page=force_login and this part didn’t like it lol - I think I need a break lol

It wasn’t the above.

I had to change my session management to JEE from within the Lucee server admin.

Still unsure why normal cfml session management was not working.

You can set it per Application.cfc using <cfset this.SessionType = "jee" />, or you can navigate to YOURSERVER/lucee/admin/server.cfm and then click Scopes in the menu on the left. At the top there will be an option for Session Type.

You’ve got <cfset this.SetClientCookies = false /> but don’t seem to be then setting cookies later…

I was setting up for the server to handle all session information, or am I doing it wrong? :confused:

Yes, Lucee needs the client-side cookies to maintain session state.

The sessions are on the server, but cookies are used to associate an end user/client with that cookie… Setting that value to true will probably make the app behave as you are expecting.

I don’t think that setting controls the j2ee sessions, which is why you saw changing the session type work…

Usually when it’s set to false it’s because we want more control over the session cookie and therefore do something like:

	public void function onSessionStart () output=false {
		// Sort out secure cookies
		header name="Set-Cookie" value="cftoken=0; Path=/; HTTPOnly; Secure;";
		header name="Set-Cookie" value="cfid=" & Session.cfId & "; Path=/; HTTPOnly; Secure;";
		return;
	}

Ah. OK. - I don’t want to set information in a cookie file. So, if I enable client cookies and change the setting to store in memory, that should work?

You’re not setting the information in the cookie… the cookie is just going to contain the ID that associates that user with the information stored in the server’s memory…

Right. So I think my understanding of how this works is very wrong.

My thinking was that sessions and the session.whateverVar were stored in server memory, using the connection to set an ID; and cookie with its cookie.whateverVar were stored as a file.

I am treating them as separate variable scopes…

They are separate things…

Session.AmILoggedIn is stored (by default) in the server’s memory. Cookie.PleaseRememberMe is stored in the client’s browser.

However, to track the user when running sessions, Lucee/CF will drop a cookie containing an ID… 5 for instance (it isn’t really a simple number). Now, when the browser goes back to the server it sends cfid of 5 to the server. The server then knows that the version of Session.AmILoggedIn is user 5’s version, not another user’s version of Session.AmILoggedIn.

It’s a little easier to see this if you store your session variables in a DB, as you can open the table and see hundreds of rows, each containing a person’s session variables… and you can see the IDs associated with each one that the cfid is then used to reference.

Ah, right. OK. I was assuming that cookies weren’t needed if using session data. Didn’t realise that a server session needed a client-side cookie. I thought it was doing it by IP and/or browser identity.

Thanks for helping me out. I really appreciate it :smiley:
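
The explanation given in the replies, as a simplified Python model (an added example, not code from the thread or from Lucee): `Server` and `browse` are hypothetical names, and the routing mirrors only the `login_force` redirect and the `session.online` guard from the posted Application.cfc. It shows that when the server issues no ID cookie, every request starts a fresh session, so the flag set by `login_force` is never seen again.

```python
import secrets

class Server:
    """Toy model: session data lives in server memory, keyed by the cfid cookie."""
    def __init__(self, set_client_cookies):
        self.set_client_cookies = set_client_cookies
        self.sessions = {}  # cfid -> session struct (never sent to the client)

    def handle(self, page, cookies):
        """Return (status, location, Set-Cookie header or None)."""
        cfid, set_cookie = cookies.get("cfid"), None
        if cfid not in self.sessions:
            # No known ID presented: new session with the onSessionStart default.
            cfid = secrets.token_urlsafe(16)  # unguessable ID, not a counter
            self.sessions[cfid] = {"online": 0}
            if self.set_client_cookies:
                set_cookie = f"cfid={cfid}; Path=/; HttpOnly; Secure"
        session = self.sessions[cfid]
        if page == "login_force":
            session["online"] = 1
            return 302, "dashboard", set_cookie
        if page in ("login", "login_help"):
            if session["online"] == 1:
                return 302, "dashboard", set_cookie
        elif session["online"] == 0:
            return 302, "login", set_cookie
        return 200, page, set_cookie

def browse(server, start_page, max_hops=5):
    """Follow redirects like a browser, keeping only cookies the server sets."""
    jar, page = {}, start_page
    for _ in range(max_hops):
        status, location, set_cookie = server.handle(page, jar)
        if set_cookie:
            name, _, value = set_cookie.split(";")[0].partition("=")
            jar[name] = value
        if status != 302:
            break
        page = location
    return page, len(server.sessions)

if __name__ == "__main__":
    # Constructed scenario: click the ?page=login_force link in each configuration.
    print(browse(Server(set_client_cookies=False), "login_force"))
    print(browse(Server(set_client_cookies=True), "login_force"))
```

The second value returned by `browse` is the number of sessions the server ended up holding: one per request when no cookie is issued, a single one when the ID cookie round-trips.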