My user comes from a 3rd party site via http post with login credentials encrypted in the URL.
Once the index.cfm recognizes these variables, it sends the request to:
<cflocation url="login.cfm?vals=#URLEncodedFormat(url.vals)#" addtoken="yes">
The login.cfm builds a session struct if the login credentials are valid.
Session.user.userID = 1;
Session.user.firstName = "jo";
Session.user.lastName = "boo";
Then, it does:
<cflocation url="somepage.cfm" addtoken="yes">
When I dump the session variable in somepage.cfm, I do not see the session.user struct. Also, I keep seeing different cfid, cftoken on somepage.cfm every single I refresh. I am on ColdFusion 10.
Any ideas? How can I keep the session.user?
Edit: application.cfc has
this.name = "My Application";
this.applicationTimeout = createTimeSpan(0,2,0,0);
this.clientManagement = true;
this.loginStorage = "session";
this.sessionManagement = true;
this.sessionTimeout = createTimeSpan(0,0,30,0);
this.setClientCookies = true;
this.setDomainCookies = false;
this.scriptProtect = "all";
this.javaSettings = {LoadPaths = ["#GetDirectoryFromPath(GetCurrentTemplatePath())#java/"], reloadOnChange=true, watchInterval=180};
EDIT: here are the files
http://1drv.ms/1kjnQO2
Unzip them to your C:\ColdFusion10\cfusion\wwwroot\
then go to :
http://localhost:8500/test/call.cfm
EDIT: 19:00 - 10Jun:
Wow, this really sucked! Came home, downloaded the zip, opened it up to localhost. When I run, I can see the session.user variables from call.cfm.
<cfdump var="#server#">
gives me:
coldfusion
struct
InstallKit Native Windows
appserver J2EE
expiration {ts '2012-10-30 10:35:35'}
productlevel Developer
productname ColdFusion Server
productversion 10,0,0,283111
rootdir C:\ColdFusion10\cfusion
I am not sure if this has something to do with the CF server version.
UPDATE: 09:00 11-Jun.
Once I disable "Use J2EE session variables " in CFAdmin, the session variables are visible to call.cfm. Now, I have to make it work with J2EE session variables when they are enabled.
Related
I recently migrated an app from CF2010 to CF2018 and we're having problems on sessions when a user logs in.
Adding some dumps and aborts I see that the session is successfully set on a valid login, but when using cflocation or cfheader it loses the session (application.cfc reruns onSessionStart). My application.cfc looks like:
this.applicationTimeout = createTimeSpan(0,8,0,0);
this.sessionmanagement = true;
this.clientmanagement = false;
this.sessiontimeout = createTimeSpan(0,0,20,0);
this.scriptProtect = "all";
this.setClientCookies = true;
this.showDebugOutput = false;
this.enablecfoutputonly = false;
onSessionStart is pretty simple:
public void function onSessionStart() {
lock scope="session" type="exclusive" timeout="10" {
session.started = now();
session.loggedIn = false;
};
lock scope="application" type="exclusive" timeout="5" {
application.sessions = application.sessions + 1;
};
writeLog(file = "g-session-log", type = "information", application = "no", text = "session started:");
};
I can see the log file gain an entry when the login page is processed. In the server admin I have "Use J2EE session variables" and "Enable Session Variables" both checked. Cookie timeout is 1440, HTTPOnly is checked and "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" is checked.
Found the issue - answering in case anyone else has this problem. In my onApplicationStart() I set an http and https siteroot. On <cflocation> called application.secureSiteRoot but because I was moving the SSL cert over for testing I had it set to http, not https. That prevented the cookies from being set.
I am trying to download the subject of all new mails. The mails are stored in an office365 mail account. So far i have the following:
<cfimap
action ="OPEN"
connection = "Test"
password = "xxxx"
port = "993"
secure = "yes"
server = "outlook.office365.com"
stoponerror = "true"
timeout = "10"
username = "xxxx">
<cfimap
action="getHeaderOnly"
folder="Inbox"
connection="Test"
name="getHeaders"
>
<Cfdump var=#getHeaders#>
<cfimap action="close" connection = "Test">
This is ridiculously slow (several minutes). In my situation I only need to download the subject line of all new mails. I do not need anything else. Any thoughts on how to speed up things.
Update
Came up with an alternative solution. See Convert java code to coldfusion code for an alternative to the cfimap tag.
I am doing a project where I load a webview in my application(using visual studio 2012). On before loading web view i send a curl request to get some access_token which i need to set in the cookie for that particular webview so that the user is signed in for that webview automatically. So in the callback from curl when i get the token i call setCookie on cef global cookie Manager but it always returns me false.
CefRefPtr<CefCookieManager> cookieManager=CefCookieManager::GetGlobalManager();
CefString cefURL ;
cefURL.FromString(url.GetUTF8String());
bool retVal = cookieManager->SetCookie(cefURL,cookie);
Am i doing something wrong, is it because i am doing it on the curl callback which is a seperate thread.
CefRefPtr<CefCookieManager> manager =
CefCookieManager::GetGlobalManager(nullptr);
DCHECK(manager.get());
CefCookie cookie;
CefString(&cookie.name).FromString(key);
CefString(&cookie.value).FromString(value);
CefString(&cookie.domain).FromString(domain);
CefString(&cookie.path).FromString("/");
cookie.has_expires = true;
cookie.expires.year = 2099;
cookie.expires.month = 1;
cookie.expires.day_of_week = 1;
cookie.expires.day_of_month = 1;
std::string url = "https://" + domain;//eg:".stackoverflow.com"
//manager->SetCookie(url, cookie, nullptr);
CefPostTask(TID_IO, NewCefRunnableMethod(manager.get()
, &CefCookieManager::SetCookie
, CefString(url.c_str()), cookie, nullptr));
Set up through interprocess communication,use CefPostTask function
I use LDAP to authenticate users on my app.
<cftry>
<cfldap action="query"
name ="qryAuth"
attributes="cn,displayname,mail"
start ="DC=corp,DC=com"
server ="#LDAPserver#"
filter = "(cn=#arguments.EID#)"
username ="corp\#arguments.EID#"
password ="#arguments.password#">
<cfset this.addlog(arguments.EID, "Success on #LDAPserver#")>
<cfreturn true>
<cfcatch>
<cfset this.addlog(arguments.EID, "#cfcatch.message# on #LDAPserver#")>
<cfif cfcatch.message CONTAINS "error code 49">
Error code 49 is when a user enters a bad password. Every time this is ran an error is logged. Is there a way to check for passwords via LDAP without using try/catch?
Write a pre-parse plugin that performs the BIND before the server performs the operation and sets a well-known condition indicating he BIND would have failed. Professional-quality LDAP server provide the described functionality out of the box.
I want to login with gmail/google account and I found this tutorial Gmail Login in Coldfusion. I done All the steps and After login my page redirect then I want to display user Profile information so I dump this
<cfdump var="#session.profilesArray#">
but it gives me an empty array.why I am not getting my profile data after successfully lo-gin.
If I am getting wrong way for fetching my profile then what is correct way. Thanks.
You just add this line into your scope
Open your Application.cfc and then add this code
change scope = "https://www.googleapis.com/auth/analytics.readonly" with scope = "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile
you can just add scope = "https://www.googleapis.com/auth/userinfo.profile but if u want to access email then add second one as I Post in my answer.
<cfset request.oauthSettings =
{scope = "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile",
client_id = "Your-id",
client_secret = "your-secret",
redirect_uri = "redirect-page",
state = "optional"} />
Now you can get User Information from function that you can call like this
<cfscript>
public function getProfile(accesstoken) {
var h = new com.adobe.coldfusion.http();
h.setURL("https://www.googleapis.com/oauth2/v1/userinfo");
h.setMethod("get");
h.addParam(type="header",name="Authorization",value="OAuth #accesstoken#");
h.addParam(type="header",name="GData-Version",value="3");
h.setResolveURL(true);
var result = h.send().getPrefix();
return deserializeJSON(result.filecontent.toString());
}
</cfscript>
<cfoutput>
<cfset show = getProfile(session.ga_accessToken)>
<cfdump var="#show#">
</cfoutput>
Hope this will help you.