I have an application which has different types of users. I need to set sessionTimeout based on user type. For example admin 30 minutes, user 10 minutes. To do this, I gave a default sessionTimeout of 30 minutes in application.cfc
<cfcomponent output="false" extends="org.corfield.framework">
<cfset this.applicationTimeout = createTimeSpan(1,0,0,0) />
<cfset this.sessionManagement = true />
<cfset this.sessionTimeout = createTimeSpan(0,0,30,0) />
.............
............
</cfcomponent>
When I dump the application variables I can see sessionTimeout is 600 which is correct. Now in the onRequestStart method, I wrote a code to check the loggedIn user type and set the sessionTimeout accordingly.
<cfif StructKeyExists(session,"user") AND ListLast(CGI.HTTP_REFERER,"/") EQ "login.cfm" >
<cfif session.user.userType EQ "GSA">
<cfset this.sessionTimeout = createTimeSpan(0,0,10,0) />
</cfif>
</cfif>
After this when I dump application variables, sessionTimeout is showing in days not in seconds. And also session is not getting ended after 10 minutes.
Can someone help on this? How to implement two different sessionTimeout in an application? Also why it is showing the sessionTimeout in days instead of seconds once I set the sessionTimeout again?
I don't believe there is any way to modify this scope metadata from inside one of these functions: onApplicationStart, onSessionStart or onRequestStart. Meaning you can't set this.sessionTimeout in any of those methods.
I was recently looking into this ColdFusion 11: Changing Application "this" Scope metadata from different functions in extended Application.cfc. However metadata is set for every request made by ColdFusion. Meaning you can try an approach like mentioned in this article, by Ben Nadel, and move the logic that sets the timeout out of onRequest() and onto the this scope and try creating dynamic session timeouts.
Delaying ColdFusion Session Persistence Until User Logs In
You are probably going to have to get creative in figuring out which user is logging in at that point though. ( Even if authentication occurs later ... any harm in setting a timeout?)
Session timeouts are common for all users. The timeout duration is set application-wide when the first request comes.
I think the short answer is, you cannot set two different session timeout durations.
Here is one method you can use. It's kind of creating your own session management client side, but it would allow for custom session timeouts per user role.
Create a timestamp in the session scope that is initially set to the current time a user logs on to your app. In your app's client JavaScript, create a timer that calls a function every minute or so that in turn calls a server side function to see how much time has elapsed since the last recorded timestamp for that user. If the time elapsed reaches the maximum allowed for that user's role, use the JavaScript function to logout the user.
With this method you reset the timestamp each time the user "interacts" with the app (runs a script, calls a cfc library function, etc.), such that the user does not get logged out while actively using the app. The user is only logged out after "x" minutes of inactivity that you define, and the function you call on the server side can further define what that number is per user role.
I've used this in railo but i think it applies to coldfusion too.
getPageContext().getSession().setMaxInactiveInterval(javaCast("int", 60));
It basically sets the session time out value of the currently running request to 60 something (i can't remember if it's in minutes or seconds)
Related
I am using ColdFusion 8. I am using this line to timeout sessions:
<CFAPPLICATION NAME="XXX"
CLIENTMANAGEMENT="NO"
SESSIONMANAGEMENT="Yes"
sessionTimeout="#CreateTimeSpan(0,0,1,0)#">
I am creating a session like this:
if (not structKeyExists(SESSION, "UserInfo")) {
SESSION.UserInfo = structNew();
}
I expect that my session will timeout after one minute. This is not working properly. I've tried every combination of numers, but my sessions NEVER time out. Even after not working all weekend (and shutting down my browser), my session is still up and running.
Why might my sessions not be timing out?
EDIT ~ My proof that my sessions are not timing out is that I can access a site with specific info in the session scope and it will never die, even after weeks of not using that browser.
We have three sites with three distinct names 1) XXXProd, 2) XXXStage, and 3) XXXDev.
Have you considered switching to J2EE sessions?
<cfscript>
session.setMaxInactiveInterval(1);
getPageContext().getSession().invalidate();
</cfscript>
<cfcookie name="jsessionid" expires="now">
<cflocaton url="/" addtoken="false">
That will not only kill of the cookie and ColdFusions knowledge of the session, it will kill the underlying session as well. You also don't need to have a "sessionless" page request that way.
With your current situation, in Server Monitor can you see sessions being created and destroyed?
I need some help with creating an automatic timing script with ColdFusion. My assumption is cfschedule and conditionals will be used to get this done. I am looking for something automatic, not on browser loads.
Anyways, every 60 minutes I would like to see if a page on one of my servers (http://www.mysite.com/page.php) is working or not.
If the page is down when it is checked, then it will check again in 5 minutes to see if the page is back up.
If it is not back up, then I am sent an e-mail to email#mysite.com. If it is back up, then no action is required and we start the 60 minute cycle check again.
Can anybody please help me with this?
Mike,
Not sure what version of CFML you are on but you could certainly set a scheduled task in your cf-administrator (I prefer the admin over cfschedule ... personal preference is all) to run your "site checker" script/page each hour and then, in that script/page, you could do something along the lines of:
<cfhttp url="http://mysite.com/ping-this-mofo.cfm" method="get" >
<cfif cfhttp.statusCode neq "200 OK">
<!--- some code to sleep for 5 minutes or a one-time cfschedule to check the site again --->
<cfschedule action="run" task="my-task-thingy" url="script-that-will-run" interval="once" startDate="today" startTime="5 minutes from now" />
</cfif>
Then, when that "sub-scheduled task" runs, you could check for the server being active and, if it isn't, fire off a an email via cfmail.
I am storing 5-6 variable values in my session. Any suggestions on how can I renew my session struct when its about to expire? I am using Coldfusion 8.
Thanks!!
Use AJAX to ping the server to keep the session alive
Or just simply extend the session timeout timeSpand.
Any call to a CFM page from that session would cause the session to be extended. What I have seen done is a JS timer will be running and end shortly before the session expires. When the timer runs up it triggers a popup that loads a non CFM page(basic HTML) and that page states a message about the session ending soon and asking the user if they'd like to continue it.
Here's an idea of what Ajax to automatically ping the server could look like (as suggested in Henry's answer.)
//This function will keep the session alive as long as the page is still open.
//Whenever the page nears expiration, it automatically extends it.
function autoExtendSession(days,hours,mins,secs){
var milliseconds = (days*86400000)+(hours*3600000)+(mins*60000)+(secs*1000);
setTimeout(
function(){
$.post("server/heartbeat.cfm");
console.log("Heartbeat sent to the server.");
//Start another timer.
autoExtendSession(days,hours,mins,secs)
//Once we are 98% of the way to the timeout, the heartbeat is sent.
//This way the timeout should never actually be reached.
}, milliseconds-(milliseconds*0.02));
};
The hearbeat.cfm page doesn't actually have to contain anything, the server will renew the session when the $.post hits it, whether or not it has content.
Exact way of doing what you are asking for is to push session data into the database when onSessionEnd fired and restore it on next onSessionStart. To find out the data entries to read you can put cookie into the user's browser with unique identifier (for example, salted+encrypted id of that entry), kind of "Remember me" stuff.
You could try setting your session timeout to something small, say 5min.
Then when someone authenticates, extend the session timeout to something larger, 30min.
And if they signout, drop it back down.
eg. configure your cf admin with a 5 minute session timeout.
On sign in:
<cfscript>
// extend session timeout to 1800 seconds (30min)
session.SetMaxInactiveInterval( javaCast( 'long', 1800 ) );
</cfscript>
On sign out:
<cfscript>
// shrink session timeout to 300 seconds (5min)
session.SetMaxInactiveInterval( javaCast( 'long', 300 ) );
</cfscript>
The session hangs around for another 5 minutes and then is cleaned up.
Unless you continue using the site, in which case each page request would give you a further 5min.
Is there a way to reset the Application, via onApplicationStart, and ensure that all the servers in the cluster have their application restarted?
For example, in the current code, DSN is set in request.
I would like to push it to application scope, but if there is a change that needs to be made, I would like to make sure it is propagated to all the servers in the cluster without starting and stopping CF services.
One suggestion is to have a date-stamped file in your project that each server can read.
Get CF to save the date into the application on start-up and compare what it has against that file in each onRequestStart().
If the date ever changes then CF runs the onApplicationStart() of that server.
We use that technique with our ANT scripts, so as we deploy to each server ANT timestamps the file and the next person to hit our application causes the application reset.
Cheers,
James
We have our applications set up to reset their scopes via URL variable. So you could use code like this to restart the applications on all servers in your cluster via http through a page in your admin:
<cfset serverList = "Server1.domain.com,Server2.domain.com" />
<cfset threadList = "" />
<cfloop list="#serverList#" index="currentServer">
<cfset threadList = ListAppend(threadList, "thread#currentServer#") />
<cfthread
action="run"
name="thread#currentServer#"
url="http://#currentServer#?URLToResetScope"
key="#currentIndex#"
>
<cfhttp method="get" url="#Attributes.URL#" result="thread.cfhttp" />
</cfthread>
</cfloop>
<cfthread action="join" name="#threadList#" timeout="120000" />
<cfloop list="#threadList#" index="currentThread">
<cfset Results &= currenthThread & ": " & threadresult.cfhttp />
</cfloop>
What we're doing is taking a list of servers, then looping through that list, and with cfthread, passing off a request to each server to reset it's own scope. Then, we join all those threads together, and loop through them to get the results of each request. Then we can display those results in the admin, to make sure that all servers in the cluster got updated correctly. If there is any server that didn't get updated correctly, we can then go reset that server individually.
Dan
Our CF server occasionally stops processing mail. This is problematic, as many of our clients depend on it.
We found suggestions online that mention zero-byte files in the undeliverable folder, so I created a task that removes them every three minutes. However, the stoppage has occurred again.
I am looking for suggestions for diagnosing and fixing this issue.
CF 8 standard
Win2k3
Added:
There are no errors in the mail log at the time the queue fails
We have not tried to run this without using the queue, due to the large amount of mail we send
Added 2:
It does not seem to be a problem with any of the files in the spool folder. When we restart the mail queue, they all seem to process correctly.
Added 3:
We are not using attachments.
What we ended up doing:
I wrote two scheduled tasks. The first checked to see if there were any messages in the queue folder older than n minues (currently set to 30). The second reset the queue every night during low usage.
Unfortunately, we never really discovered why the queue would come off the rails, but it only seems to happen when we use Exchange -- other mail servers we've tried do not have this issue.
Edit: I was asked to post my code, so here's the one to restart when old mail is found:
<cfdirectory action="list" directory="c:\coldfusion8\mail\spool\" name="spool" sort="datelastmodified">
<cfset restart = 0>
<cfif datediff('n', spool.datelastmodified, now()) gt 30>
<cfset restart = 1>
</cfif>
<cfif restart>
<cfset sFactory = CreateObject("java","coldfusion.server.ServiceFactory")>
<cfset MailSpoolService = sFactory.mailSpoolService>
<cfset MailSpoolService.stop()>
<cfset MailSpoolService.start()>
</cfif>
We have not tried to run this without using the queue, due to the large amount of mail we send
Regardless, have you tried turning off spooling? I've seen mail get sent at a rate of 500-600 messages in a half second, and that's on kind of a crappy server. With the standard page timeout at 60 seconds, that would be ~72,000 emails you could send before the page would time out. Are you sending more than 72,000 at a time?
An alternative I used before CFMail was this fast was to build a custom spooler. Instead of sending the emails on the fly, save them to a database table. Then setup a scheduled job to send a few hundred of the messages and reschedule itself for a few minutes later, until the table is empty.
We scheduled the job to run once a day; and it can re-schedule itself to run again in a couple of minutes if the table isn't empty. Never had a problem with it.
Have you tried just bypassing the queue altogether? (In CF Admin, under Mail Spool settings, uncheck "Spool mail messages for delivery.")
I have the same problem sometimes and it isn't due to a zero byte file though that problem did crop up in the past. It seems like one or two files (the oldest ones in the folder) will keep the queue from processing. What I do is move all of the messages to a holding folder, restart the mail queue and copy the messages back in a chunk at a time in reverse chronological order, wait for them to go out and move some more over. The messages which were holding up the queue are put in a separate folder to be examined latter.
You can probably programmatically do this by stopping the queue, moving the oldest file to another folder, then start the mail queue and see if sending begins successfully by checking folder file counts and dates. If removing the oldest file doesn't work, repeat the previous process until all of the offending mail files are moved and sending continues successfully.
I hope the helps.
We have actually an identical setup, 32bit CF8 on Win2K3.
We employed Ben's solution about a year ago, and that certain has helped auto re-queue emails that get stuck.
However recently for no particular reason one of our 7 web servers decided to get into this state with every email attempt.
An exception occurred when setting up mail server parameters.
This exception was caused by:
coldfusion.mail.MailSessionException:
An exception occurred when setting up mail server
parameters..
Each of our web servers are identical clones of each other, so why it was only happening to that one is bizarre.
Another item to note is that we had a script which reboot the machine in the middle of the night due to JRUN's memory management issues. The act of rebooting seemed to initiate the problem. A subsequent restarting of the CF service would then clear it, and the machine would be fine until it rebooted again.
We found that the problem is related to the McAfee virus scanner, after updating it to exclude the c:\ColdFusion8 directory, the problem went away.
Hope that helps.
There is a bug in Ben Doom's code. Thank you anyway ben, the code is great, and we use it now on one of our servers with CF8 installed, but:
if directory (\spool) is empty, the code fails (error: Date value passed to date function DateDiff is unspecified or invalid.) That's because if the query object spool is empty (spool.recordcount EQ 0), the datediff function produces an error.
we used this now:
<!--- check if request for this page is local to prevent "webusers" to request this page over and over, only localhost (server) can get it e.g. by cf scheduled tasks--->
<cfsetting requesttimeout="30000">
<cfset who = CGI.SERVER_NAME>
<cfif find("localhost",who) LT 1>
security restriction, access denied.
<cfabort>
</cfif>
<!--- get spool directory info --->
<cfdirectory action="list" directory="C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\Mail\Spool\" name="spool" sort="datelastmodified">
<cfset restart = 0>
<cfif spool.recordcount GT 0><!--- content there? --->
<cfif datediff('n', spool.datelastmodified, now()) gt 120>
<cfset restart = 1>
</cfif>
</cfif>
<cfif restart><!--- restart --->
<cfsavecontent variable="liste">
<cfdump var="#list#">
</cfsavecontent>
<!--- info --->
<cfmail to="x#y.com" subject="cfmailqueue restarted by daemon" server="xxx" port="25" from="xxxx" username="xxxx" password="xxx" replyto="xxxx">
1/2 action: ...try to restart. Send another mail if succeeded!
#now()#
Mails:
#liste#
</cfmail>
<cfset sFactory = CreateObject("java","coldfusion.server.ServiceFactory")>
<cfset MailSpoolService = sFactory.mailSpoolService>
<cfset MailSpoolService.stop()>
<cfset MailSpoolService.start()>
<!--- info --->
<cfmail to="x#y.com" subject="cfmailqueue restarted by daemon" server="xxx" port="25" from="xxxx" username="xxxx" password="xxx" replyto="xxxx">
2/2 action: ...succeeded!
#now()#
</cfmail>
</cfif>
There is/was an issue with the mail spooler and messages with attachments in CFMX 8 that was fixed with one of the Hotfixes. Version 8.0.1, at least, should have had that fixed.