Unable to login to Cartweaver Admin Unless First Logged Into Railo/Lucee Web Admin for Site

Railo 4.2.1.008 final
MySQL (5.5.40)
Java Version 1.7.0_45
OS Version Linux (3.14.23-22.44.amzn1.x86_64)

I have not had the opportunity to migrate my production web server from
Railo to Lucee.

I am having an issue where I cannot log into the Admin section of a
Cartweaver 4 site.
It keeps redirecting to the login page with an Access Denied error.

I have tried to document what’s going on
here: http://blog.wdbb.com.au/cfml-mura-and-coding/cartweaver-4-site-dev-to-live/

Today I logged into the Railo Web Admin to see if any settings might solve
the issue and fiddled with the Client Timeout setting. I was then able to
successfully log into the Cartweaver Admin!

Later, I tried to log in the the CW admin to update some products and was
greeted with the same Access Denied issue. I then logged into the Railo Web
Admin to see what was going on and noticed without changing any settings
that I was now able to log into CW!

Can someone please tell me what might be going on or how I might go about
diagnosing this?

Thanks for your effort.

Regards,

Daniel Jansen
Web Design Batemans Bay

Daniel,

The access denied error, is that a 403 error or is that just the text you receive?

Could it also be that your cookies are not respected somehow?

Is it happening regardless of what browser you are using?

Can you dump some variables from the session/client/cookie variables?

Check whether the CFID changes.

HTH

Sincerely
Gert Franz

RASIA GmbH

Spittelgasse 7

5103 Moeriken-Wildegg

Email: mailto:Gert_Franz @Gert_Franz
Skype: gert.franz

Phone Switzerland: +41 76 5680 231Von: lucee@googlegroups.com [mailto:lucee@googlegroups.com] Im Auftrag von Daniel Jansen
Gesendet: Mittwoch, 29. April 2015 14:51
An: lucee@googlegroups.com
Betreff: [Lucee] Unable to login to Cartweaver Admin Unless First Logged Into Railo/Lucee Web Admin for Site

Railo 4.2.1.008 final

MySQL (5.5.40)
Java Version 1.7.0_45

OS Version Linux (3.14.23-22.44.amzn1.x86_64)

I have not had the opportunity to migrate my production web server from Railo to Lucee.

I am having an issue where I cannot log into the Admin section of a Cartweaver 4 site.

It keeps redirecting to the login page with an Access Denied error.

I have tried to document what’s going on here: http://blog.wdbb.com.au/cfml-mura-and-coding/cartweaver-4-site-dev-to-live/

Today I logged into the Railo Web Admin to see if any settings might solve the issue and fiddled with the Client Timeout setting. I was then able to successfully log into the Cartweaver Admin!

Later, I tried to log in the the CW admin to update some products and was greeted with the same Access Denied issue. I then logged into the Railo Web Admin to see what was going on and noticed without changing any settings that I was now able to log into CW!

Can someone please tell me what might be going on or how I might go about diagnosing this?

Thanks for your effort.

Regards,

Daniel Jansen

Web Design Batemans Bay

–
You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/9f056b26-96a2-446f-a8bc-9c5816a39ec6%40googlegroups.com https://groups.google.com/d/msgid/lucee/9f056b26-96a2-446f-a8bc-9c5816a39ec6%40googlegroups.com?utm_medium=email&utm_source=footer .
For more options, visit https://groups.google.com/d/optout.

Hi Gert,

I’m sorry that I never replied to your post - I had thought that I had
gotten around the issue.

This week I received a call from the client advising me that the issue is
still existing.

The error that I am getting only is visible in the URL which
is: http://store.surferjude.com.au/cw4/admin/index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin-home.cfm%3F

The issue does happen regardless of browser.

CFID changes each time you post the form and the page loads.

Below is a dump of session/client and cookie vars:

If you like, I will create you an account for testing?

*Client Scope (Cookie)*cfidstring 67fbbefd-c5ea-40ef-b381-1f8f42024b71
cftokenstring 0hitcountnumber 1lastvisitDate Time (Australia/Sydney){ts
‘2015-09-14 15:22:17’}timecreatedDate Time (Australia/Sydney){ts
‘2015-09-14 15:22:17’}urltokenstring
CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0
Cookie Scope
cf_client_cwebed9907cf28735925eb5f6111d57556_hc string 2
cf_client_cwebed9907cf28735925eb5f6111d57556_lvstring 1442208137847
cf_client_cwebed9907cf28735925eb5f6111d57556_tcstring 1442208137847
CWAdminUsernamestringcwcartidstring 0railo_debug_modernstring 286721
*Session Scope (Memory)*cfidstring67fbbefd-c5ea-40ef-b381-1f8f42024b71
cftokenstring0CWStructdebugstringfalsePAGEVIEWSstring
index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin%2Dhome%2Ecfm%3F
productCatCurrentstring0productSecCurrentstring0userAlertstringCWCLIENT
Structcf_client_cwebed9907cf28735925eb5f6111d57556_hc string 2
cf_client_cwebed9907cf28735925eb5f6111d57556_lvstring 1442208137847
cf_client_cwebed9907cf28735925eb5f6111d57556_tcstring 1442208137847cwcartid
string 20150914031798041CWPRODVIEWSstringdiscountAppliedstring
discountPromoCodestringrailo_debug_modernstring 286721lastvisitDate Time
(Australia/Sydney){ts ‘2015-09-14 15:22:17’}sessionidstring
CWEBED9907CF28735925EB5F6111D57556_67fbbefd-c5ea-40ef-b381-1f8f42024b71_0
timecreatedDate Time (Australia/Sydney){ts ‘2015-09-14 15:22:17’}urltoken
string CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0

Has anybody found a solution on this issue?
I have the same problem and would appreciate if you can share what has
solved it for you.
Thank you
DominiqueOn Monday, September 14, 2015 at 1:29:23 AM UTC-4, Daniel Jansen wrote:

Hi Gert,

I’m sorry that I never replied to your post - I had thought that I had
gotten around the issue.

This week I received a call from the client advising me that the issue is
still existing.

The error that I am getting only is visible in the URL which is:
http://store.surferjude.com.au/cw4/admin/index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin-home.cfm%3F

The issue does happen regardless of browser.

CFID changes each time you post the form and the page loads.

Below is a dump of session/client and cookie vars:

If you like, I will create you an account for testing?

*Client Scope (Cookie)*cfidstring 67fbbefd-c5ea-40ef-b381-1f8f42024b71
cftokenstring 0hitcountnumber 1lastvisitDate Time (Australia/Sydney){ts
‘2015-09-14 15:22:17’}timecreatedDate Time (Australia/Sydney){ts
‘2015-09-14 15:22:17’}urltokenstring
CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0
Cookie Scope
cf_client_cwebed9907cf28735925eb5f6111d57556_hc string 2
cf_client_cwebed9907cf28735925eb5f6111d57556_lvstring 1442208137847
cf_client_cwebed9907cf28735925eb5f6111d57556_tcstring 1442208137847
CWAdminUsernamestringcwcartidstring 0railo_debug_modernstring 286721
*Session Scope (Memory)*cfidstring67fbbefd-c5ea-40ef-b381-1f8f42024b71
cftokenstring0CWStructdebugstringfalsePAGEVIEWSstring
index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin%2Dhome%2Ecfm%3F
productCatCurrentstring0productSecCurrentstring0userAlertstringCWCLIENT
Structcf_client_cwebed9907cf28735925eb5f6111d57556_hc string 2
cf_client_cwebed9907cf28735925eb5f6111d57556_lvstring 1442208137847
cf_client_cwebed9907cf28735925eb5f6111d57556_tcstring 1442208137847
cwcartidstring 20150914031798041CWPRODVIEWSstringdiscountAppliedstring
discountPromoCodestringrailo_debug_modernstring 286721lastvisitDate Time
(Australia/Sydney){ts ‘2015-09-14 15:22:17’}sessionidstring
CWEBED9907CF28735925EB5F6111D57556_67fbbefd-c5ea-40ef-b381-1f8f42024b71_0
timecreatedDate Time (Australia/Sydney){ts ‘2015-09-14 15:22:17’}urltoken
string CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0

For anybody looking for the answer to this, there seems to be a bug in
lucee were even if you turn on the session management in the web module, if
it is turn off in the server module, session management is will not
actually be turned on (but nothing will tell you it is not on!)
So the solution is to go to lucee server, turn it on there, then in the
lucee web admin and turn it on there as well.
Then no problem to login to cw4 admin.
DominiqueOn Friday, October 16, 2015 at 2:20:23 PM UTC-4, Dominique Dupuis wrote:

Has anybody found a solution on this issue?
I have the same problem and would appreciate if you can share what has
solved it for you.
Thank you
Dominique

On Monday, September 14, 2015 at 1:29:23 AM UTC-4, Daniel Jansen wrote:

Hi Gert,

I’m sorry that I never replied to your post - I had thought that I had
gotten around the issue.

This week I received a call from the client advising me that the issue is
still existing.

The error that I am getting only is visible in the URL which is:
http://store.surferjude.com.au/cw4/admin/index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin-home.cfm%3F

The issue does happen regardless of browser.

CFID changes each time you post the form and the page loads.

Below is a dump of session/client and cookie vars:

If you like, I will create you an account for testing?

*Client Scope (Cookie)*cfidstring 67fbbefd-c5ea-40ef-b381-1f8f42024b71
cftokenstring 0hitcountnumber 1lastvisitDate Time (Australia/Sydney){ts
‘2015-09-14 15:22:17’}timecreatedDate Time (Australia/Sydney){ts
‘2015-09-14 15:22:17’}urltokenstring
CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0
Cookie Scope
cf_client_cwebed9907cf28735925eb5f6111d57556_hc string 2
cf_client_cwebed9907cf28735925eb5f6111d57556_lvstring 1442208137847
cf_client_cwebed9907cf28735925eb5f6111d57556_tcstring 1442208137847
CWAdminUsernamestringcwcartidstring 0railo_debug_modernstring 286721
*Session Scope (Memory)*cfidstring67fbbefd-c5ea-40ef-b381-1f8f42024b71
cftokenstring0CWStructdebugstringfalsePAGEVIEWSstring
index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin%2Dhome%2Ecfm%3F
productCatCurrentstring0productSecCurrentstring0userAlertstringCWCLIENT
Structcf_client_cwebed9907cf28735925eb5f6111d57556_hc string 2
cf_client_cwebed9907cf28735925eb5f6111d57556_lvstring 1442208137847
cf_client_cwebed9907cf28735925eb5f6111d57556_tcstring 1442208137847
cwcartidstring 20150914031798041CWPRODVIEWSstringdiscountAppliedstring
discountPromoCodestringrailo_debug_modernstring 286721lastvisitDate Time
(Australia/Sydney){ts ‘2015-09-14 15:22:17’}sessionidstring
CWEBED9907CF28735925EB5F6111D57556_67fbbefd-c5ea-40ef-b381-1f8f42024b71_0
timecreatedDate Time (Australia/Sydney){ts ‘2015-09-14 15:22:17’}urltoken
string CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0