I have an application.cfc where I tell the program that I want the session timeout to be one hour like so:
<cfset this.sessionTimeout = "#createTimeSpan(0,1,0,0)#">
Then on other pages I try to set up a warning when the timeout is going to end by doing
<!---Session Timeout Warning Pop up set to 1 hour--->
<cfset sessionTimeout = 60>
<!---Warning 1 minute before Session will timeout--->
<script>
<cfoutput>
var #toScript((sessionTimeout-1)*60*1000,"sTimeout")#
</cfoutput>
setTimeout('sessionWarning()', sTimeout);
function sessionWarning() {
alert('ATTENTION: Your session will time out shortly do to inactivity.');
}
</script>
<!---End of Warning--->
For some reason the time out is not timing out at 59 minutes. Am I missing something?
Related
I’m just trying to get something up and running in Amazon MWS with Coldfusion. Here is the code I’m using… super simple. When I replace the querystring part with an exact query string from the Amazon MWS scratchpad webpage, I get the EXACT same signature… so I know my signature code is working. But despite that, the only response I ever get from amazon is “The request signature we calculated does not match the signature you provided.” So I’m just thinking it's somehow in the way I’m sending it rather than the actual signature. I’ve tried a ton of different things and spent so much time, but I never get any other response even though I can get the signature to exactly match that of an example run on scratchpad.
Here is my code with obviously the relevant private data as variables that I have filled in in my actual code: (note I have to add 5 hours to my server’s time to make amazon happy with the request time so you might have to change that)
<CFSET nowtime = DateAdd(‘h’, 5, Now())>
<CFSET awsaccesskey = “”>
<CFSET sellerid = “”>
<CFSET secretkey = “”>
<CFSET mwsaccess = “”>
<CFSET queryString = “AWSAccessKeyId=#awsaccesskey#&Action=ListAllFulfillmentOrders&MWSAuthToken=#mwsaccess#&QueryStartDateTime=2020-04-12T04%3A00%3A00Z&SellerId=#sellerid#&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=#dateFormat(nowtime, ‘yyyy-mm-dd’)#T#encodeForURL(timeFormat(nowtime, ‘HH:mm:ss’))#Z&Version=2010-10-01”>
<CFSET signaturestring = “POST#chr(10)#mws.amazonservices.com#chr(10)#/FulfillmentOutboundShipment/2010-10-01#chr(10)##listSort(queryString, ‘text’, ‘asc’, ‘&’)#”>
<CFSET signature = encodeForURL(toBase64(binaryDecode(hmac(signaturestring, “#secretkey#”, “HmacSHA256”, “UTF-8”), “hex”)))>
<CFHTTP method=“POST” url=“https://mws.amazonservices.com/FulfillmentOutboundShipment/2010-10-01/?#queryString#&Signature=#signature#” >
<cfhttpparam type=“Header” name=“Content-Type” value=“application/x-www-form-urlencoded; charset=utf-8”/>
<cfhttpparam type=“Header” name=“x-amazon-user-agent” value=“Whatever/test (Language=Coldfusion)”/>
</CFHTTP>
<CFDUMP var="#CFHTTP.FileContent#" />
It’s a super simple request… but I just can’t get anywhere with it. Any help would be appreciated.
sigh. A guy on the Amazon forums figured it out for me. His handle is Autonomoose. Anyway, I have a / in the CFHTTP post line. this one:
<CFHTTP method=“POST” url=“https://mws.amazonservices.com/FulfillmentOutboundShipment/2010-10-01/?#queryString#&Signature=#signature#” >
Where it says 2010-10-01/?... That / there. Delete it and the whole thing works.
I recently migrated an app from CF2010 to CF2018 and we're having problems on sessions when a user logs in.
Adding some dumps and aborts I see that the session is successfully set on a valid login, but when using cflocation or cfheader it loses the session (application.cfc reruns onSessionStart). My application.cfc looks like:
this.applicationTimeout = createTimeSpan(0,8,0,0);
this.sessionmanagement = true;
this.clientmanagement = false;
this.sessiontimeout = createTimeSpan(0,0,20,0);
this.scriptProtect = "all";
this.setClientCookies = true;
this.showDebugOutput = false;
this.enablecfoutputonly = false;
onSessionStart is pretty simple:
public void function onSessionStart() {
lock scope="session" type="exclusive" timeout="10" {
session.started = now();
session.loggedIn = false;
};
lock scope="application" type="exclusive" timeout="5" {
application.sessions = application.sessions + 1;
};
writeLog(file = "g-session-log", type = "information", application = "no", text = "session started:");
};
I can see the log file gain an entry when the login page is processed. In the server admin I have "Use J2EE session variables" and "Enable Session Variables" both checked. Cookie timeout is 1440, HTTPOnly is checked and "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" is checked.
Found the issue - answering in case anyone else has this problem. In my onApplicationStart() I set an http and https siteroot. On <cflocation> called application.secureSiteRoot but because I was moving the SSL cert over for testing I had it set to http, not https. That prevented the cookies from being set.
My user comes from a 3rd party site via http post with login credentials encrypted in the URL.
Once the index.cfm recognizes these variables, it sends the request to:
<cflocation url="login.cfm?vals=#URLEncodedFormat(url.vals)#" addtoken="yes">
The login.cfm builds a session struct if the login credentials are valid.
Session.user.userID = 1;
Session.user.firstName = "jo";
Session.user.lastName = "boo";
Then, it does:
<cflocation url="somepage.cfm" addtoken="yes">
When I dump the session variable in somepage.cfm, I do not see the session.user struct. Also, I keep seeing different cfid, cftoken on somepage.cfm every single I refresh. I am on ColdFusion 10.
Any ideas? How can I keep the session.user?
Edit: application.cfc has
this.name = "My Application";
this.applicationTimeout = createTimeSpan(0,2,0,0);
this.clientManagement = true;
this.loginStorage = "session";
this.sessionManagement = true;
this.sessionTimeout = createTimeSpan(0,0,30,0);
this.setClientCookies = true;
this.setDomainCookies = false;
this.scriptProtect = "all";
this.javaSettings = {LoadPaths = ["#GetDirectoryFromPath(GetCurrentTemplatePath())#java/"], reloadOnChange=true, watchInterval=180};
EDIT: here are the files
http://1drv.ms/1kjnQO2
Unzip them to your C:\ColdFusion10\cfusion\wwwroot\
then go to :
http://localhost:8500/test/call.cfm
EDIT: 19:00 - 10Jun:
Wow, this really sucked! Came home, downloaded the zip, opened it up to localhost. When I run, I can see the session.user variables from call.cfm.
<cfdump var="#server#">
gives me:
coldfusion
struct
InstallKit Native Windows
appserver J2EE
expiration {ts '2012-10-30 10:35:35'}
productlevel Developer
productname ColdFusion Server
productversion 10,0,0,283111
rootdir C:\ColdFusion10\cfusion
I am not sure if this has something to do with the CF server version.
UPDATE: 09:00 11-Jun.
Once I disable "Use J2EE session variables " in CFAdmin, the session variables are visible to call.cfm. Now, I have to make it work with J2EE session variables when they are enabled.
I want to login with gmail/google account and I found this tutorial Gmail Login in Coldfusion. I done All the steps and After login my page redirect then I want to display user Profile information so I dump this
<cfdump var="#session.profilesArray#">
but it gives me an empty array.why I am not getting my profile data after successfully lo-gin.
If I am getting wrong way for fetching my profile then what is correct way. Thanks.
You just add this line into your scope
Open your Application.cfc and then add this code
change scope = "https://www.googleapis.com/auth/analytics.readonly" with scope = "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile
you can just add scope = "https://www.googleapis.com/auth/userinfo.profile but if u want to access email then add second one as I Post in my answer.
<cfset request.oauthSettings =
{scope = "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile",
client_id = "Your-id",
client_secret = "your-secret",
redirect_uri = "redirect-page",
state = "optional"} />
Now you can get User Information from function that you can call like this
<cfscript>
public function getProfile(accesstoken) {
var h = new com.adobe.coldfusion.http();
h.setURL("https://www.googleapis.com/oauth2/v1/userinfo");
h.setMethod("get");
h.addParam(type="header",name="Authorization",value="OAuth #accesstoken#");
h.addParam(type="header",name="GData-Version",value="3");
h.setResolveURL(true);
var result = h.send().getPrefix();
return deserializeJSON(result.filecontent.toString());
}
</cfscript>
<cfoutput>
<cfset show = getProfile(session.ga_accessToken)>
<cfdump var="#show#">
</cfoutput>
Hope this will help you.
The code to get connected to my WebService (Lotus Notes Database) is created by the Flash Builder over "Data/Connect with WebService...". All works fine, but I have a problem to increase the request timeout. The API says that you can set the request timeout like this:
_serviceControl.requestTimeout = 300;
On a iOS (iPad) it seems to be work all fine. But if I run my app on desktop or on an android smartphone this only works if I set up the request timeout lower than ~30 seconds. If I don't set up the request timeout or higher than 30 and my app needs longer than 30 seconds to wait for an answer/result the "_serviceControl" fires an FaultEvent with the message:
body = ""
clientId = "DirectHTTPChannel0"
correlationId = "CDED773E-34E5-56F8-D521-4FFC393D7565"
destination = ""
extendedData = (null)
faultCode = "Server.Error.Request"
faultDetail = "Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: "http://...?OpenWebService" errorID=2032]. URL: "http://...?OpenWebService"
faultString = "HTTP request error"
headers = (Object)#1
DSStatusCode = 0
messageId = "91D11378-49D4-EDF7-CE7A-4FFCB09EBC47"
rootCause = (flash.events::IOErrorEvent)#2
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#3
bytesLoaded = 0
bytesTotal = 0
data = ""
dataFormat = "text"
errorID = 2032
eventPhase = 2
target = (flash.net::URLLoader)#3
text = "Error #2032: Stream Error. URL: "http://...?OpenWebService"
type = "ioError"
timestamp = 0
timeToLive = 0
Any idea why this happens?
I had the same problem, requestTimeout didn't work.
If someone is looking for an answer, this configuration works fine for me :
import flash.net.URLRequestDefaults;
URLRequestDefaults.idleTimeout = 120000; //note this value represents milliseconds (120 secs)
Have a look here for more details : Flex HTTPService times out anyway
Though it seems to be assumed that requestTimeout doesn't work. It actually does... the 1st time.
After the 1st request, the requestTimeout is set in
HTTPService.channelSet.currentChannel.requestTimeout
If you have to change the timeout, you will want to do it there.
To see the specific offending code, see AbstractOperation.getDirectChannelSet(). Even for different instances of HTTPService, it pulls from:
private static var _directChannelSet:ChannelSet;
_directChannelSet is only instantiated once, and the requestTimeout on it is only set on creation, so even if you change the requestTimeout on HTTPService, it won't reflect in the request.