I turned on the session management in my application and find that session variables (user defined as well as cfid and cftoken) do no persist between pages when I do not turn on 'Use J2EE session variables' in CF Admin. Once I turn on this setting, the session variables persist. Below is the code in application.cfm
<cfapplication name="myapp"
applicationtimeout="#createtimespan(1, 0, 0, 0)#"
sessionmanagement="yes"
sessiontimeout="#createtimespan(1, 0, 0, 0)#"
clientmanagement="no">
Both 'Use J2EE session variables' as well as 'Enable Session variables' are turned on in CF admin.
Everything works fine on my personal laptop when I whip up a sample application (I don't have J2EE session variables turned on here).
Can someone clarify why this discrepancy. Why session variables are persisting between pages only when I turn on J2EE session?
check out your Global session timeout settings in the CFIDE admin page.
this will always override every settings in all the Applications.
Related
Is it possible?
I'm using cookies module in Drupal 9 and I had to force gtm.js to run, which works fine, but this script still generate cookies without user consent
By default Google Tag Manager does not sets cookies. If GTM sets cookies, then only if there are some tags and scripts running through GTM -> then you need to block them within GTM unless user agrees to cookies.
BUT: There is one scenario, where gtm.js sets cookies -> if you are in preview mode.
For 2 days now, my APEX is timing out every 10 minutes or less and it makes me lose my work!
I've tried to clean browser cookies and all...
Timeout is set in application's Shared components, Security Attributes, Session Management section.
"Maximum Session Length" is measured in seconds. If unset, it defaults to 43200 seconds (which is 12 hours) (for Apex 19.1) so ... check what it is currently set to.
I think that what you are facing is that your killing your previous sessions.
Every time you log in on an APEX application, it generates a session for your user (it's the random numbers in your URL)
If you have another browser tab opened and you request another log-in on the application, then another session is generated and if you go back to the other tab and try anything there, you will be asked to log-in again and if you do, the other session that you just logged-in will be killed.
For each application you log-in, is generated a session id that is saved on cookies of your browser. So just make sure that there's no other window or tab opened of that application already on the same session of your browser (although you can use different browser or incognito mode).
Also, pay attention in any favorite links that you made that links an APEX application. The same thing will happen if you are already logged-in and click on the favorite link that has a session on its URL.
This all can be avoided if you configure "Rejoin Sessions" parameter on the APEX installation enviroment: https://docs.oracle.com/cd/E59726_01/doc.50/e39151/adm_wrkspc002.htm#BABJCGAG
I've created a web application with this script surrounding common cfqueries and my navbar code.
<cfcache action="clientcache" timespan="#createtimespan(0,1,0,0)#">
On the signout page, I was using <cfset StructClear(Session)> to clear session data. I want to also clear the cache and was using <cfcache action="flush">.
However, something is off and the session isn't clearing and clients aren't able to sign out of the application. When I remove the cfcache tag, clients are able to log out but the system moves incredibly slow.
How do I get this working correctly with the cfcache tag? Thanks in advance.
Clearing the session scope does not end the session, it just clears variables in the session scope. The session scope is something that's availed to a session, but it doesn't actually represent the session itself.
You probably want to use sessionInvalidate() to invalidate the session. I have not tested this in conjuction with session-based caching, but presume it rotates the CFID and CFTOKEN cookies, so that should do the trick with any client stuff. Pay attention to the docs saying it only works with CF sessions, not J2EE ones. This might or might not be a consideration for you.
we are working on a mobile application for a dating site, mixing native views and web views.
The user need to log in into the iPhone app.
This is done with a webservice (WS). The WS checks the username/password in the database, then creates all the session variables and finally returns the CFID/CFTOKEN to the application.
But when the application try to call a web view including the CFID/CFTOKEN in the URL, the session is not set, and the user has to log in again in the webview... When he logs in again, then the session is created and stay active as usual.
Does I understand well the use of CFID/CFTOKEN ?
How to handle the session between 2 applications?
Thanks for your time !
Thank you for your answers. As Jason said, the web views are within the iphone app and we are on ColdFusion 8 The process i need to develop is the following: 1 - the user open the app and fill in his credentials 2 - the app authenticates him with a webservice 3 - the session is created 4 - the user navigate through the application (wich is webservice-based, no problem here...) 5 - some parts (80%) of the screens of application are webviews (non-native). When the user goes to webviews, he needs to be logged in automatically.
My idea was to authenticate the user with the webservice, then returns the CFID/CFTOKEN to the app, and append it to the url of each web view. But this do not work, the user has to log in twice, once in the app, once in the webviews.
I am dealing with a ticketing system that was written about 10 years ago using Coldfusion 8. When a user is authenticated and logins, the user's information about his ID is saved in CF cookies, and the site uses those cookies to fill it the user's ID, name, etc. when the user is filling out tickets.
This application works fine in Internet Explorer 6.0 However we are slowly migrating to Internet Explorer 8, so there are some users here that already started using IE8 fulltime. We've been getting complaints from some of these IE8 users, in which mid-session, the cookies are lost/become null, and the user can't complete the tickets. Users are able to login just fine, but sometimes in mid-session, errors like "NAME UNDEFINED" appear. They don't seem to be isolated to particular tickets because I've looked at all the complaints we have, and they're discovered in all sorts of tickets. I check the logs/screenshots and sure enough, the cookie for the employee ID is null. I've searched all over the web and I can't find good fixes for this.
I thought about converting cookies to session variables, but that would be a massive undertaking and require a lot of testing.
Any thoughts? Thanks in advance.
Any chance the domain is changing? You could be switching between www.servername.com and servername.com? Unless you were writing domain cookies a change in the domain would cause the written for one domain cookies to be unaccessible from another. You can enable domain cookies in your Application.cfm or Application.cfc file. Either set <cfset this.setDomainCookies = true /> in Application.cfc or set the setDomainCookies="true" attribute on your <cfapplication /> tag. This will write cookies accessible from any subdomain.
Have the cookies expired? You can set an expiration date for the cookie. Perhaps it is expiring before the user's session expires?
Have you tried using the IE development toolbar to track the cookies? You can use it to view cookies set for your site.
In one of my application , our users are facing the same issue.It started all of sudden without any change in code.We suggest them to clear cache and tr-try and it works.But i need to know the root cause and its fix.
Thank you