Can we renew session in Coldfusion? - coldfusion

I am storing 5-6 variable values in my session. Any suggestions on how can I renew my session struct when its about to expire? I am using Coldfusion 8.
Thanks!!

Use AJAX to ping the server to keep the session alive
Or just simply extend the session timeout timeSpand.

Any call to a CFM page from that session would cause the session to be extended. What I have seen done is a JS timer will be running and end shortly before the session expires. When the timer runs up it triggers a popup that loads a non CFM page(basic HTML) and that page states a message about the session ending soon and asking the user if they'd like to continue it.

Here's an idea of what Ajax to automatically ping the server could look like (as suggested in Henry's answer.)
//This function will keep the session alive as long as the page is still open.
//Whenever the page nears expiration, it automatically extends it.
function autoExtendSession(days,hours,mins,secs){
var milliseconds = (days*86400000)+(hours*3600000)+(mins*60000)+(secs*1000);
setTimeout(
function(){
$.post("server/heartbeat.cfm");
console.log("Heartbeat sent to the server.");
//Start another timer.
autoExtendSession(days,hours,mins,secs)
//Once we are 98% of the way to the timeout, the heartbeat is sent.
//This way the timeout should never actually be reached.
}, milliseconds-(milliseconds*0.02));
};
The hearbeat.cfm page doesn't actually have to contain anything, the server will renew the session when the $.post hits it, whether or not it has content.

Exact way of doing what you are asking for is to push session data into the database when onSessionEnd fired and restore it on next onSessionStart. To find out the data entries to read you can put cookie into the user's browser with unique identifier (for example, salted+encrypted id of that entry), kind of "Remember me" stuff.

You could try setting your session timeout to something small, say 5min.
Then when someone authenticates, extend the session timeout to something larger, 30min.
And if they signout, drop it back down.
eg. configure your cf admin with a 5 minute session timeout.
On sign in:
<cfscript>
// extend session timeout to 1800 seconds (30min)
session.SetMaxInactiveInterval( javaCast( 'long', 1800 ) );
</cfscript>
On sign out:
<cfscript>
// shrink session timeout to 300 seconds (5min)
session.SetMaxInactiveInterval( javaCast( 'long', 300 ) );
</cfscript>
The session hangs around for another 5 minutes and then is cleaned up.
Unless you continue using the site, in which case each page request would give you a further 5min.

Related

jmeter cookie manager - how to clear cookies for each user for each iteration?

I have a threadgroup with 100 thread (users), and loop count of 10.
I have a cookie manger with default setting.
The users are anonymous (not logged in), but I want to track the number of users hitting the site in application insights, as it will generate new .net session tokens.
When I run the test, i would expect cookies to be local to each threads loop iteration.
So I would expect cookies to be "cleared" on each thread 10 times, and so I would expect to generate 1,000 .net session cookies on my application.
however, I don't, I see 1.
In the cookie manager, there are two options:
Clear cookies each iteration
Use thread group configuration to control cookie clearing.
Both are unchecked.
But this makes no sense - I want the cookies to be cleared on each iteration for each user.
Should I check one or both of these? do I need to set anything on the thread group?
In the thread group, I have "user same user on each iteration" unchecked - each iteration should be considered a new user.
Also, does it mater where the cookie manger goes? I have always put it at the top, above the threadgroup, but perhaps it is supposed to go under the thread group?
Ideas?
100 * 10 gives 1000, not 10000
There are 2 ways on how you can clear the cookies each iteration:
Tick this box:
Or tick the other and untick Same user on each iteration on Thread Group level
I would go for the latter option as this allows controlling i.e. HTTP Cache Manager and HTTP Authorization Manager as well
HTTP Cookie Manager considers only Thread Group iteration as iteration, other loop sources like Loop Controller or While Controller are not taken into consideration
You might consider placing your HTTP Cookie Manager(s) in order to limit its(their) scope according to your test scenario
You can add to first request JSR223 PreProcessor with code that will clear cookies on each start of iteration
sampler.getCookieManager().clear()
I did some experimentation. I got the right results after doing this:
put the cookie manager under the threadgroup. Before I had it above.
set "Use thread group config to control cookie clearing" in cookie manger
In threadgroup, make sure "use same user on each iteration" was unchecked.
Now for each thread, and each iteration, i see new session cookies, and these are preserved just for that thread and iteration.

Do ColdFusion Scheduled Tasks have a built-in request timeout?

I have several scheduled tasks that essentially perform the same type of functionality:
Request JSON data from an external API
Parse the data
Save the data to a database
The "Timeout (in seconds)" field in the Scheduled Task form is empty for each task.
Each CFM template has the following line of code at the top of the page:
<cfscript>
setting requesttimeout=299;
</cfscript>
However, I consistently see the following entries in the scheduled.log file:
"Information","DefaultQuartzScheduler_Worker-8","04/24/19","12:23:00",,"Task
default - Data - Import triggered."
"Error","DefaultQuartzScheduler_Worker-8","04/24/19","12:24:00",,"The
request has exceeded the allowable time limit Tag: cfhttp "
Notice, there is only a 1-minute difference between the start of the task, and its timing out.
I know that, according to Charlie Arehart, the timeout error messages that are logged are usually not indicative of the actual cause/point of the timeout, and, in fact, I have run tests and confirmed that the CFHTTP calls generally run in a matter of 1-10 seconds.
Lastly, when I make the same request in a browser, it runs until the requesttimeout set in the CFM page is reached.
This leads me to believe that there is some "forced"/"built-in"/"unalterable" request timeout for Scheduled Tasks, or, that it is using the default timeout value for the server and/or application (which is set to 60 seconds for this server/application) yet, I cannot find this documented anywhere.
If this is the case, is it possible to scheduled a task in ColdFusion that runs longer than the forced request timeout?

Google App Engine - http request/response

I have a Java web app hosted on Google App Engine (GAE). The User clicks on a button and he gets a data table with 100 rows. At the bottom of the page, there is a "Make Web service calls" button. Clicking on that, the application will take one row at a time and make a third party web-service call using the URLConnection class. That part is working fine.
However, since there is a 60 second limit to the HttpRequest/Response cycle, all the 100 transactions don't go through as the timeout happens around row 50 or so.
How do I create a loop and send the Web service calls without the User having to click on the 'Make Webservice calls' more than once?
Is there a way to stop the loop before 60 seconds and then start again without committing the HttpResponse? (I don't want to use asynchronous Google backend).
Also, does GAE support file upload (to get the 100 rows from a file instead of a database)
Thank you.
Adding some code as per the comments:
URL url = new URL(urlString);
HttpURLConnection connection = (HttpURLConnection) url
.openConnection();
connection.setDoOutput(true);
connection.setRequestMethod("POST");
connection.setConnectTimeout(35000);
connection.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
connection.setRequestProperty("Authorization", encodedCredentials);
// Send post request
DataOutputStream wr = new DataOutputStream(
connection.getOutputStream());
wr.writeBytes(submitRequest);
It all depends on what happens with the results of these calls.
If results are not returned to a UI, there is no need to block it. You can use Tasks API to create 100 tasks and return a response to a user. This will take a few seconds at most. The additional benefit is that you can make up to 10 calls in parallel by using tasks.
If results have to be returned to a user, you can still use up to 10 threads to process as many requests in parallel as possible. Hopefully, this will bring your time under 1 minute, but you cannot guarantee it since you depend on responses from third-party resources which maybe unavailable at the moment. You will have to implement your own retry mechanism.
Also note that users are not accustomed to waiting for several minutes for a website to respond. You may consider a different approach when a user is notified after the last request is processed without blocking your client code.
And yes, you can load data from files on App Engine.
Try using asynchronous urlfetch calls:
LinkedList<Future<HttpResponse>> futures;
// Start all the request
for (Url url : urls) {
HttpRequest request = new HttpRequest(url, HTTPMethod.POST);
request.setPayload(...)
futures.add(urlfetchservice.fetchAsync(request);
}
// Collect all the results
for (Future<HttpResponse> future : futures) {
HttpResponse response = future.get()
// Do something with future
}

ColdFusion sessions are not timing out? Why not?

I am using ColdFusion 8. I am using this line to timeout sessions:
<CFAPPLICATION NAME="XXX"
CLIENTMANAGEMENT="NO"
SESSIONMANAGEMENT="Yes"
sessionTimeout="#CreateTimeSpan(0,0,1,0)#">
I am creating a session like this:
if (not structKeyExists(SESSION, "UserInfo")) {
SESSION.UserInfo = structNew();
}
I expect that my session will timeout after one minute. This is not working properly. I've tried every combination of numers, but my sessions NEVER time out. Even after not working all weekend (and shutting down my browser), my session is still up and running.
Why might my sessions not be timing out?
EDIT ~ My proof that my sessions are not timing out is that I can access a site with specific info in the session scope and it will never die, even after weeks of not using that browser.
We have three sites with three distinct names 1) XXXProd, 2) XXXStage, and 3) XXXDev.
Have you considered switching to J2EE sessions?
<cfscript>
session.setMaxInactiveInterval(1);
getPageContext().getSession().invalidate();
</cfscript>
<cfcookie name="jsessionid" expires="now">
<cflocaton url="/" addtoken="false">
That will not only kill of the cookie and ColdFusions knowledge of the session, it will kill the underlying session as well. You also don't need to have a "sessionless" page request that way.
With your current situation, in Server Monitor can you see sessions being created and destroyed?

How can I timeout Client-scoped variables in Coldfusion?

I apologize if this is a "duh" question. It seems like the answer should be easily googleable, but I haven't found it yet.
I am working on a large Coldfusion application that stores a large amount of session/user data in the Client scope (ie <cfset Client.UserName = "JoshuaC"> ). I did not write this application, and I don't have the luxury of significantly refactoring it.
I've been given the task of setting the Client variables to time out after 72 hours. I'm not entirely sure how to do this. If I had written the application, I would have stored the variables in the Session scope, and then changed the sessiontimeout attribute of the CFAPPLICATION tag. As it is though, I'm not sure if that timeout affects the Client variables, or what their level of persistence is. The way the application works now, the Client variables never time out, and only clearing the user's cookies, or visiting a logout page which sets all the Client-scoped application variables to "", will clear the values.
Of course, I could create some kind of timestamp variable like Client.LastAccessDateTime, and put something in the Application.cfm to clear the client variables if that datetime is more than 72 hours prior to Now(). But there's got to be a better way, right?
Depending whether your are using a datasource or registry as a Client Store you have to set the "Purge data for clients that remain unvisited for 90 days to 3 days (=72 hours) on the
ColdFusion Administrator => Client Variables => Registry
or
Client Variables => NameOfDatabase Page.
If Client Variables are stored as cookies, then you have to adjust the expires period, when setting the cookie.
The Purge Interval on the Client Variables page only controls how often ColdFusion executes a purge operation on your client stores (= seeks for expired Client Variables in order to delete them).
I suppose you are looking for Purge Interval setting, which is configured in CF Administrator at Server Settings > Client Variables page. Default interval is 1 hour 7 min.
EDIT: This setting value is not exactly what you need. I'm sorry, see my comment about purging -- think it is more accurate.