This is a ColdFusion/mobile question. I have a simple web app with a login page. User types their login info, session info is assigned, and they're taken to a projects page. This works fine, but when I try to setup an auto-login (user clicks a bookmark on their home screen that passes a username and password), the same process should occur, but the session info is lost once they are taken to the projects page. This occurs on the BlackBerry 9370 (w/ touch screen. not sure of the model type), but works fine when testing it in a browser and the BlackBerry simulator. Here's some code for the auto login:
<cfquery name="qryAccount">
EXEC m_AccountLogin
@Username = <cfqueryparam value="#LCase(url.u)#" cfsqltype="cf_sql_varchar">,
@Password = <cfqueryparam value="#LCase(url.p)#" cfsqltype="cf_sql_varchar">;
</cfquery>
<cfif qryAccount.recordcount>
<cflock name="lockAccount" type="exclusive" timeout="10">
<cfset session.account = {
isLoggedIn = true,
MemberID = qryAccount.iMemberID,
Role = qryAccount.iRole }>
</cflock>
<cflocation url="/mobile/home/projects.cfm" addtoken="true">
<cfelse>
<cflocation url="/mobile/index.cfm" addtoken="true">
</cfif>
I read that using <cflocation>
right after assigning session vars may cause
an issue, so I tried a JavaScript re-direct and still came up short. Any ideas?
For ColdFusion session variables: check the box next to "Enable Session Variables." This will set the Session. SessionID value equal to the Application name, CFID, and CFTOKEN values. ColdFusion session variables are enabled by default.
A session refers to all the connections that a single client makes to a server during viewing all pages associated with a given application. Sessions are specific to both the individual user and the application.
To use client and session variables, ColdFusion must be able to identify the client. It normally does so by setting the following two cookie values on the client's system: CFID: A sequential client identifier. CFToken: A random-number client security token.
Look for any "cfparams" that set the variable. It might be deleted then reinitiated on the next request. You can also add a boolean to check if it exists when you delete it. This will give you a "yes" if it exists and a "no" if it doesn't - allowing you to execute further logic if you wish.
I can't help but think this may be a bug in the BB browser, which is pretty lame to begin with (IMO it makes IE6 look usable).
For the sake of testing, is it practical to remove the cflocation to the projects page and put a clickable link there instead? I'd just like to see if it works that way. If it does, then for some reason, cflocation is causing the session to be lost. That shouldn't be the case since you're on CF9, but it'd be nice to prove one way or another.
After CF7, Adobe fixed the issue of setting session variables in the same request as a <cflocation>
tag. This is no longer an issue.
The likely cause for your session dropping out is that BlackBerry is clearing out your session cookies (cfid,cftoken or jsessionid) when it launches the browser from a home screen bookmark. I have seen this same behaviour in the iPhone as well, it's possible that BB is also doing it.
To confirm (or deny) that this is the case, set up a simple page that outputs:
<cfdump var="#session#">
<cfdump var="#getHttpRequestData()#">
Navigate to this page on your BB the "normal" way by keying in the URL manually. The first time that the page loads, it will create a session (and send back the associated session cookie(s)). Reload the page and you will see in the http request data dump, a header called cookie(request.headers.cookie
). This will contain the same session information that you see in the session dump above it.
Now, use the home screen bookmark to load up the page. If BB is in fact clearing out your sessions cookies, then the request.headers.cookie
will not be there and new session identifiers will be given.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With