My dept. has just bought CF10 and I'm finally updating my existing web app to CF10 from CF8.
My first problem with CF10 is using session variables. When using the lower versions of CF (CF4 to CF8) I have never had any problem setting up session variables and getting or using these variables in other pages after a successful login. With CF 10 it seems setting session variables and using them in other pages are major problems. I'm not sure what have I done wrong in the code.
First I'm setting the session in my Application.cfc this way:
<cfcomponent displayname="Application" output="true">
<cfset THIS.Name ="MyNewApp"/>
<cfset THIS.ApplicationTimeout = CreateTimeSpan(0,0,20,0) />
<cfset THIS.SessionManagement ="YES"/>
<cfset THIS.SessionTimeout = CreateTimeSpan( 0, 0, 20, 0 ) />
<cfset THIS.SetClientCookies = false />
<cffunction name="OnApplicationStart" access="public" returntype="boolean"
output="false">
<cfset application.Main_DSN = "TESTDB">
<cfreturn true />
</cffunction>
<cffunction name="onApplicationEnd" output="false">
<cfargument name="applicationScope" required="true">
</cffunction>
<cffunction name="OnSessionStart" access="public" returntype="void" output="false"
hint="Fires when user session initializes.">
<cfset session.loggedin = "NO">
<cfset session.username = "">
<cfset session.userrights = "">
<cfset session.usergroup = "">
</cffunction>
</cfcomponent>
After login, user is validated and set values to those session.variables:
........user validation codes here......................
<cfif mylogin NEQ true>
<cflocation url="/login/login.cfm">
<cfabort
<cfelse>
<cfset session.loggedin="Yes">
<cfset session.username="#Trim(Form.username)#">
<CFSET qUserRights = LoginObj.getUserRights('#Trim(Form.username)#')>
<cfset session.userrights = qUserRights><!--- it's a query --->
<CFSET qUserGroup = LoginObj.getUserGroup('#Trim(Form.username)#')>
<cfloop query="qUserGroup">
<cfset session.usergroup = user_group>
<cfbreak>
</cfloop>
<!--- ******* ?????????????????????????
When I do cfdump in at this level, I can see that all of these session variables have
been assigned to their values.
But these session variables are not accessible from other pages. Other pages still show
these session variable without its value.
So, when I use these cfdumps in the index.cfm it is shown as they're not yet assigned
with any values ********* --->
<cfdump var="#session.loggedin#">
<cfdump var="#session.username#">
<cfdump var="#session.userright#">
<cfdump var="#session.usergroup#">
</cfif>
In index.cfm, Before Login I got:
session.loggedin = NO
session.username = ["empty string"]
session.userrights = ["empty string"]
session.usergroup = ["empty string"]
After a successful Login:
session.loggedin = NO
session.username = ["empty string"]
session.userrights = ["empty string"]
session.usergroup = ["empty string"]
Have I done something wrong? This code works on CF8.
I need to mention: CF10 is in Linux and my web app is under https not http. But these session variables should be shared between http and https because some older pages are still in http and can not be moved to https.
timestampin the session scope and set it in `Application.cfc' and after login and check which timestamp is showing at each level. - PeterKAonSessionStart()add something like<cfset session.started = now()>. - Fish Below the Ice