Topic: Login issue with session

slashwalker    -- 03-06-2008 @ 5:16 AM
  Hello guys,
I have an issue with a login system for an intranet.

<cfcomponent output="false">
  <!--- Application Settings: Session, Script Protection etc.--->
       <cfset = "Intranet">
       <cfset this.loginstorage="session">
       <cfset this.sessionManagement = true>
       <cfset this.scriptProtect = true>
       <cfset this.setClientCookies = true>
       <cfset this.setDomainCookies = true>
       <cfset this.sessionTimeOut = CreateTimeSpan(0,0,30,0)>
       <cfset this.applicationTimeOut = CreateTimeSpan(2,0,0,0)>
       <cfset thisPath = ExpandPath("*.*")>
       <cfset thisDirectory = GetDirectoryFromPath(thisPath)>
  <!--- Application starts --->
  <cffunction name="onApplicationStart" access="public" returntype="any" output="yes">
       <cfquery name="application.employees" datasource="intranet">
       SELECT * FROM users
     <cfquery name="" datasource="intranet" maxrows="2">
     <cfquery name="application.accounts" datasource="intranet">
     SELECT * FROM accounts
     <cfquery name="application.kontakte" datasource="intranet">
     SELECT * FROM contacts ORDER BY type, firma, name
     <cfquery name="application.marken" datasource="intranet">
     SELECT * FROM trades ORDER BY seit DESC

<!--- Request starts --->
  <cffunction name="onRequestStart" returntype="any" access="public" output="false">
   <cfif structKeyExists(url,"logout")>
<cfinclude template="login.cfm">

<cfif NOT IsDefined("cflogin")>
           <cfinclude template="login.cfm">
      <cfset theusername=trim(form.j_username)>
      <cfset thepassword=trim(form.j_password)>
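       <!--- Bind the form values with cfqueryparam instead of interpolating them into the SQL string --->
       <cfquery name="auth" datasource="intranet">
       SELECT * FROM users
       WHERE samaccountname = <cfqueryparam value="#theusername#" cfsqltype="cf_sql_varchar">
         AND password = <cfqueryparam value="#thepassword#" cfsqltype="cf_sql_varchar">
       </cfquery>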
                 <cfif auth.recordcount gt 0>
               <cfset session = structnew()>
               <cfset session.givenname = auth.givenname>
                 <cfset =>
                 <cfset session.department = auth.department>
                 <cfset = auth.telephonenumber>
               <cfset session.sam=auth.samaccountname>
                 <cfset session.mail = auth.mail>
                 <cfset session.title = auth.title>
                 <cfset session.area = auth.physicalDeliveryOfficeName>
                 <cfset session.birthday = lsdateformat(auth.description,"dd. mmmm yyyy")>
                <cfif NEQ "">
                <cfset =>
            <cfset session.initials = auth.initials>
             <cfif #auth.department# is "New Media">
               <cfset roles = "admin,orga">
                <cfelseif #auth.department# is "Office">
                <cfset roles = "org,user">
                 <cfelseif #auth.department# is "Manufacture">
                <cfset roles = "manufacture,user">
                <cfset roles ="user">
       <cfloginuser name="#theusername#" password="#thepassword#" roles="#roles#">
       <cfset session.start=Dateformat(now(),"yyyy-mm-dd HH:mm:ss")>
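      <cfquery name="init" datasource="intranet">
   INSERT INTO logfiles (sessionid,start,initials,pages)
   VALUES (
     <cfqueryparam value="#session.sessionid#" cfsqltype="cf_sql_varchar">,
     <cfqueryparam value="#session.start#" cfsqltype="cf_sql_varchar">,
     <cfqueryparam value="#session.initials#" cfsqltype="cf_sql_varchar">,
     'LOGIN')
      </cfquery>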
   <cfquery name="session.counter" datasource="intranet">
     SELECT COUNT(id) as counter FROM logfiles
          <cfinclude template="login.cfm">

       <!--- Request ends --->
<cffunction name="onRequestEnd" access="public" output="yes">

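<cfquery name="pages" datasource="intranet">
SELECT pages FROM logfiles WHERE sessionid = <cfqueryparam value="#session.sessionid#" cfsqltype="cf_sql_varchar">
</cfquery>
<!--- CGI.SCRIPT_NAME comes from the request, so the value is bound below rather than concatenated into the SQL --->
<cfset uppages = pages.pages&","&replace(CGI.SCRIPT_NAME,"/","","ALL")>
<cfquery name="log" datasource="intranet">
UPDATE logfiles SET pages = <cfqueryparam value="#uppages#" cfsqltype="cf_sql_varchar">
WHERE sessionid = <cfqueryparam value="#session.sessionid#" cfsqltype="cf_sql_varchar">
</cfquery>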

The login works. But if the session runs out of time and I revisit the website and try to log in, it throws a session error. It tells me that session.givenname isn't defined! Sometimes it also throws a "session not valid" error.

I tried it the cheap and dirty way:
  <!--- This should never happen...  --->
       <cffunction name="onError" output="no">
    <cfargument name="Exception" required=true/>
    <cfargument type="String" name="EventName" required="true"/>
            <cfif Find("Element GIVENNAME is undefined in SESSION.",Arguments.Exception.Message,0)>
            <cflocation addtoken="no" url="index.cfm">
This works, but it's ugly. The user tries to log in, gets redirected to the login form again, and can then log in.
I don't know what is going wrong. The session vars are used on index.cfm to "say hello" to the user and show his information. I guess the session doesn't clear at session end or something. Any hints? Thanks in advance. And sorry for my English.

slashwalker    -- 03-12-2008 @ 8:34 AM
  It works now. Seems it was an issue with J2EE Sessions. I turned them off and now it works fine.
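
Added example, not part of the original posts and not the poster's code: one way to catch the state described in the first post (a request reaches index.cfm while session.givenname is missing) before the page runs, instead of matching on the exception message in onError. The function name requireCompleteSession and the list of required keys are assumptions; the keys are taken from the session.* assignments visible in the posted Application.cfc.

```cfml
<!--- Hypothetical helper for Application.cfc (added example) --->
<cffunction name="requireCompleteSession" access="private" returntype="void" output="false">
    <!--- Assumption: these are the session keys that index.cfm reads after login --->
    <cfset var requiredKeys = "givenname,department,sam,mail,title,initials">
    <cfset var key = "">

    <!--- Nobody is logged in: the normal login flow shows login.cfm, nothing to check here --->
    <cfif NOT len(getAuthUser())>
        <cfreturn>
    </cfif>

    <cfloop list="#requiredKeys#" index="key">
        <cfif NOT structKeyExists(session, key)>
            <!--- Login survived but the profile data did not: drop the login
                  so the next request goes through the login form again --->
            <cflogout>
            <cflocation url="index.cfm" addtoken="no">
        </cfif>
    </cfloop>
</cffunction>

<!--- Call it at the end of onRequestStart, after the login handling:
      <cfset requireCompleteSession()> --->
```

Because cflogout clears the authenticated user, the redirected request sees an empty getAuthUser() and falls through to the login form rather than looping.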

