search : session management

select a category, or use search below
(searches all categories and all time range)

displaying top 100 results

Using Redis for Session Management Fails
[ANeff] ER for: SessionRotate() and SessionInvalidate() for J2EE Session Management
Comment on [ANeff] ER for: SessionRotate() and SessionInvalidate() for J2EE Session Management by Aaron N.
Comment on [ANeff] ER for: SessionRotate() and SessionInvalidate() for J2EE Session Management by Aaron N.
Comment on [ANeff] ER for: SessionRotate() and SessionInvalidate() for J2EE Session Management by Vamseekrishna N.
Comment on [ANeff] ER for: SessionRotate() and SessionInvalidate() for J2EE Session Management by Aaron N.
Comment on Using Redis for Session Management Fails by CFwatson U.
Comment on Using Redis for Session Management Fails by CFwatson U.
2609409 CF-3849572 Core Runtime : Session Management Brian Goetke CF10 Session variables lost Problem Description:Upon upgrading from CF8 to CF10 on Oct 17, 2014, Some of our users are losing their session variables right after they are set upon logging in to our web application. This is affecting
Comment on [ANeff] ER for: Secure Profile should enable CF's most secure session management option by Aaron N.
2611114 CF-3640257 External U. Please allow, function calls in CF should operate regardless of type of session management in place. +1
2608471 CF-4087458 External U. " If the application is not there when the session times out or ends, how would it call onSessionEnd? " The session tracking and *management* should not be intrinsically interlinked to the application management. The only interlink should be a reference
2611114 CF-3640257 External U. How about a per-App setting to enable SessionInvalidate()/SessionRotate() for J2EE session management?
[ANeff] ER for: Secure Profile should enable CF's most secure session management option
2612782 CF-3430245 External U. Hello?? This was never fixed for self-posting forms. Repro: Application.cfc --------------------- component { THIS.name = "ticket_CF-3430245"; THIS.sessionManagement = true; } index.cfm -------------- target.cfm ---------------
2600185 CF-3039298 Core Runtime : Session Management Luis Majano Bug 78825:(Watson Migration Closure)Session even if disabled via application or the administrator still creates an empty session structure Problem: Session even if disabled via application or the administrator still creates an empty
2613868 CF-3154884 External U. Hi Uday, The issue is that the method invocation done by internal code is still reaching Application.cfc's pseudo constructor. Thus, if THIS.sessionManagement=true, then these invocations are still creating sessions. These sessions are useless and waste system
{ THIS.name = "ticket_CF-3430245"; THIS.sessionManagement = true; } index.cfm -------------- target.cfm --------------- Thanks!, -Aaron
2613516 CF-3300531 Server Monitoring Shigeo Kubota Session values may not be persistent with the Server Monitor opened Problem Description: When the "Enable Monitoring Server" in ColdFusion Administrator is checked and J2EE Servlet session management is used, the session values may
Comment on with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies by External U.
2612782 CF-3430245 Core Runtime : Session Management Jörg Zimmer Session gets lost on cflocation width J2EE Sessions and Cookies disabled Problem Description: When using cflocation with enabled J2EE Sessions, the redirect doesn't respect the ;jsessionid on the url. So the session gets lost. Steps
2608318 CF-4129174 External U. The hung server instance shows this in the nohup.out file: SEVERE: Manager [localhost#]: No session state send at 5/26/16 12:48 PM received, timing out after 60,092 ms. May 26, 2016 12:49:54 PM org.apache.catalina.session.StandardSession tellNew SEVERE: Session event
2611114 CF-3640257 External U. Hi Yashas and Vamseekrishna, Session Variables doc (https://wikidocs.adobe.com/wiki/display/coldfusionen/Configuring+and+using+session+variables) says: "consider using J2EE session management in any of the following cases: - You want to maximize session security
2927125 CF-4198404 Core Runtime : Session Management Chad Armond JSESSIONID not passed in URL when using ADDTOKEN parameter OF CFLOCATION tag Problem Description: In previous versions of ColdFusion, the JSESSIONID was passed in the URL query string when using the ADDTOKEN parameter
2673434 CF-4126553 Core Runtime Aaron Neff [ANeff] Bug for: coldfusion.runtime.SessionTracker getSessionCollection nullpointer SessionTracker's getSessionCollection throws null pointer. Works in CF11. component { THIS.name = "SessionTrackerNullPointer"; THIS.sessionManagement = true
2597584 CF-3043383 Core Runtime : Session Management Rob Brooks-Bilson Bug 86387:-(Watson Migration Closure)Session cookies see comments Duplicate ID: CF-3044031 Problem: Session cookies see comments Method: Result: ----------------------------- Additional Watson Details
with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies
Bug 80859:ORM session closes prematurely when using DataManagement event gateway
3422688 CF-4199524 Core Runtime : Session Management branden johnson session data between sub domains i need to maintain session data between sub domains you can do this easy by setting: this.setdomaincookies="yes" works perfectly because the cfid and cftoken cookies domain is set to ".domain
2602169 CF-3037153 Core Runtime : Session Management James Moore Bug 74764:When "Use J2EE session variables" is checked under Server Settings > Memory Variables Problem: When "Use J2EE session variables" is checked under Server Settings > Memory Variables. Session.CFID is not defined
Comment on with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies by External U.
. Either way, #1 should not be occurring and should be fixed. I will attach repro code. Also: Scheduler events should not create sessions, b/c those sessions are useless and waste system resources. I'll file an ER to disable session management for scheduler events. Thanks!, -Aaron
2598064 CF-3041783 External U. Hi Nimit, You're very welcome! Here is the code I used to verify: Application.cfc ---------------------- component { THIS.name = "ticket_CF-3041783"; THIS.sessionManagement = true; THIS.loginStorage = "session"; THIS.sessionTimeout = createTimeSpan(0
DomainCookies to "yes" with sessionManagement set to "yes". Load "domain.com" then load "www.domain.com" or visa-versa. Test case Application.cfc: component { this.name="test"; this.sessionManagement = "yes"; this.setDomainCookies = "yes"; } Actual Result: Null Pointers are another name for undefined values
2609421 CF-3849152 Core Runtime : Session Management Aaron Neff [ANeff] Bug for: CF sessions vs J2EE sessions (session loss) when using urlSessionFormat() Sessions are maintained w/ CF sessions but not maintained w/ J2EE sessions in 3 scenarios. Repro: 1) open current page into new tab
2597874 CF-3042150 Debugging : General Sebastian Zartner Bug 84144:(Watson Migration Closure)Change the error description for disabled scopes Problem: Change the error description for disabled scopes.The description should include, that the session management can also be set inside the Application
2609072 CF-3937690 General Server Henry Ho JSON Web Tokens (JWT) support Please make JSON Web Tokens (JWT) easy to implement in ColdFusion. Hopefully as easy as session management minus the clunky portion. https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32
2597587 CF-3043373 Core Runtime : Session Management Rob Brooks-Bilson Bug 86365:CFCookie tag see comments Problem: CFCookie tag see comments Method: Result: N/A ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3043373 External Customer
in the variable scope. Someone looking at this code would have no clue whether somekey is going in the session or variable. This is not a bug and we are closing this. Pavan has shared how you can figure out whether the session management is enabled or not.
ALWAYS when the first user attempts to log in on Monday morning. Hence a new clue that I have found (see https://helpx.adobe.com/coldfusion/developing-applications/coldfusion-orm/orm-session-management.html). This documentation reads, "When the ColdFusion application starts, it builds the Hibernate
.name="Testcffileuploadsession"; THIS.sessionManagement=true;} ---------------------- index.cfm ---------------------- ---------------------- ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3148178 Keywords: FixTested External Customer Info: External Company
to Reproduce: 1. Enable JMX on CF instance - http://boncode.blogspot.ca/2010/04/cf-java-using-free-visualvm-tool-to.html 2. Enable SessionManagement in Application.cfc 3. Prepare an empty Foo.cfc component (e.g. component {} ) 4. Hit this following script with Apache JMeter for 1000 times: #rand
Comment on Bug 80859:ORM session closes prematurely when using DataManagement event gateway by External U.
2598094 CF-3041746 Core Runtime : Session Management Daniel Mackey Bug 83514:We are getting sporadic "java Problem: We are getting sporadic "java.lang.IllegalStateException: Session is invalid" exceptions since we moved to ColdFusion 9 from ColdFusion 8.This started happening since we turned on J2
, but sometimes it returns data from a different application. When this happens, the properties such as name and sessionManagement, etc. are incorrect. Steps to Reproduce: Run this code multiple times and look for odd behavior. The behavior is not consistent and I have not been able to determine exactly what
.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:328)at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:50)at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1027)at coldfusion.orm.hibernate.SessionWrapper.flush(SessionWrapper.java:167)at coldfusion.orm.hibernate.HibernateSessionManager.flushSession(HibernateSessionManager
2613022 CF-3352056 Core Runtime : Session Management Aaron Neff [ANeff] Bug for: CF9 vs CF10 wrt urlSessionFormat() w/ J2EE sessions Please consider these: urlSessionFormat('') urlSessionFormat('?') urlSessionFormat('?#anchor') urlSessionFormat('?param') urlSessionFormat('?param=value') urlSession
2609341 CF-3857664 External U. Any update on this? I can't even get the clustered instances to start after applying update 14. If I revert back to 13, everything works normal. Here is the error: INFO: Manager [localhost#/]; session state send at 4/4/15 1:20 AM received in 6,617 ms. Apr 04 01
error logged in exception.log Application.cfc ----------- component { THIS.name = "ticket_3041747"; THIS.sessionManagement = true; THIS.applicationTimeout = createTimeSpan(0,0,0,10); THIS.sessionTimeout = createTimeSpan(0,0,0,10); function onApplicationEnd() { foo = bar
2599926 CF-3039574 Core Runtime : Session Management Aaron Neff Bug 79299:(Watson Migration Closure)[ANeff] CF10 ER for: cfhttpsession, to maintain session across cfhttp requests Problem: [ANeff] CF10 ER for: cfhttpsession, to maintain session across cfhttp requests.1|2| 3| 4|if "local
2613670 CF-3193399 Core Runtime : Session Management ext-user Enabling ( Memory Variable -> Enable session variables ) and clicking on submit two to three times throws exception "There was an error accessing this page. Check logs for more details. Click here to login" Problem: Enabling ( Memory
2611586 CF-3608332 Core Runtime : Session Management Jae Jung CFCOOKIE setting empty string with double quotes on the client side Problem Description: When setting the CFCOOKIE to an empty string the client side browser shows that ColdFusion placed double quotes as the value. Steps to Reproduce
3127954 CF-4198764 Core Runtime : Session Management ColdFusion 11 update 11/12 losses CFTOKEN Problem: ColdFusion 11 update 11/12 losses CFTOKEN Method: When loading the template for the first time after applying update 11/12. It does display the CFTOKEN however with the second refresh
(cgi.server_name,"[^a-z0-9]","","ALL")&'n';this.applicationtimeout = createtimespan(0,4,0,0);this.sessionManagement = true;this.sessionTimeout = createTimeSpan(0,4,0,0);this.loginStorage = "session";Problem also happens with loginStorage="cookie" Result: CFLOGIN fails ----------------------------- Additional Watson
2608730 CF-4015158 Core Runtime : Session Management Daniel Short As a Cluster of Servers, I want to store SESSION data outside of local RAM Duplicate ID: CF-3941961 Problem Description: With a non-clustered group of CF instances, Session data is stored on each individual server. This requires
{ THIS.name = "SearchImplicitScopesDisabledBreaksCFLoginStruct"; THIS.sessionManagement = true; THIS.loginStorage = "session"; THIS.sessionTimeout = createTimeSpan(0,0,0,10); THIS.searchImplicitScopes = false; void function onRequest() { cflogin
2598064 CF-3041783 External U. Adobe, I'm just checking-up on this. I see it's been nearly 5 years (still exists in CF11 Update 5). component { THIS.name = "ticket_CF-3041783"; THIS.sessionManagement = true; THIS.loginStorage = "session"; THIS.sessionTimeout = createTimeSpan(0
2598171 CF-3041663 Core Runtime : Session Management David Boyer Bug 83362:(Watson Migration Closure)Could we have a function similar to ApplicationStop() for the current session request called SessionStop() Problem: Could we have a function similar to ApplicationStop() for the current session
.current signature: syncManager.openSession( dbFile, id );New signature (possibly new method) should be: syncManager.openEncryptedSession( dbFile, encryptionKey, id ); Method: Result: ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3039746 External
6364791 CF-4205491 PMT Potential for thousands of Redis calls every 5 seconds when monitoring sessions with PMT Problem Description: With FusionReactor, you have the ability to track Jedis. This is the library used to create and manage session storage in ColdFusion if you have Redis session
6364789 CF-4205490 PMT Potential for thousands of Redis calls every 5 seconds when monitoring sessions with PMT Problem Description: With FusionReactor, you have the ability to track Jedis. This is the library used to create and manage session storage in ColdFusion if you have Redis session
6364787 CF-4205489 PMT : Non-Request Metrics Potential for thousands of Redis calls every 5 seconds when monitoring sessions with PMT Problem Description: With FusionReactor, you have the ability to track Jedis. This is the library used to create and manage session storage in ColdFusion if you
.cfc ---------------------- component { THIS.name = "ticket_OnSessionEndNotCalledAfterApplicationStop"; THIS.applicationTimeout = createTimeSpan(0,0,0,20); THIS.sessionManagement = true; THIS.sessionTimeout = createTimeSpan(0,0,0,10); boolean function onApplicationStart() {f("onApplicationStart"); return true
2609453 CF-3846187 Logging Aaron Neff [ANeff] Bug for: writeLog/cflog does not log application name when called within onApplicationEnd() Repro: THIS.name = "myAppName"; THIS.sessionManagement = true; THIS.applicationTimeout = createTimeSpan(0,0,0,10); THIS.sessionTimeout = create
Tracker Issue Bug 80536:In 8
2599290 CF-3040371 Core Runtime : Session Management Andrew O Bug 80536:In 8 Problem: In 8.0.1, Breaking behaviour in sessions when security hotfix HF801-1875.jar applied, when using sessionmanagement with clientcookies and clientmanagement off. Haven't got time to reproduce this in CF9 yet
2596880 CF-3513929 Core Runtime : Session Management Dave Krajcar IE can't retain session variables Problem Description: When using IE to access code on a CF9 server, the session variables are lost between pages. Chrome does not have this problem, only IE users. (Unfortunately, IE is required
2597576 CF-3043458 Core Runtime : Session Management Julian Halliwell Bug 86494:We had severe problems with sessions after applying the Security HotFix APSB11-04 Problem: We had severe problems with sessions after applying the Security HotFix APSB11-04. See comments at http
Comment on with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies by External U.
2601753 CF-3037616 Core Runtime : Session Management John Farrar Bug 75591:Here is a list of where sessions work and where they fail Problem: Here is a list of where sessions work and where they fail. WORKS: Firefox (Vista, Vista 64bit) Chrome Opera FAILS: IE 7, 8 (and they act a little
2599077 CF-3040612 Core Runtime : Session Management Jason Dean Bug 81187:When using the HTTPOnly flag in CFCOOKIE on a CF9 Web Application deployed on Tomcat 6, the cookie statement is improperly constructed resulting in appending the HTTPOnly statement to the cookie value Problem: When using
change but it appears the BlazeDS folks implemented some of the session management stuff from LCDS without considering the results. Users are expecting a stateless remoting channel. Also just to be specific this is happening with remote object calls - haven't tested messaging yet.. Method: Steps
2672454 CF-4195722 Core Runtime : Session Management ext-user onSessionEnd method is not called when using Redis as external session store. Problem: onSessionEnd method is not called when using Redis as external session store. Method: see comments section test code
2613020 CF-3352078 Core Runtime : Session Management Aaron Neff [ANeff] Bug for: CF9 vs CF10 wrt jsessionid in query string (maintained vs broken sessions) CF9 honors jsessionid in the query string (ex: ?jsessionid=x and &jsessionid=x). CF10 does not. Repro (do this in CF9 and CF10 to compare): 1
://localhost:81/jelly to getjelly.cfm The image renders, as expected. can you share the rewrite URL, you are using and the relevant code in the session.fileManager.getFile method. Also, what do you mean by corrupted. Pls. elaborate.
Comment on /manager URLs fail due to manager folder inside runtime folder by External U.
as being the way to make these settings is a bit out of date. I'd be making the setting in Application.cfc.This is trivial, but the error message could esily be improved.-- Adam Method: Result: The requested scope session has not been enabled.Before session variables can be used, the session state
App" THIS.applicationTimeout = createTimeSpan(0,0,0,10) THIS.sessionManagement = true THIS.sessionTimeout = createTimeSpan(0,0,0,10) THIS.enableNULLSupport=true } ----------- 3) Create MyCFC.cfc having: ----------- component {function f() {FORM.foo = null}} ----------- 4) Run index.cfm containing
.Before session variables can be used, the session state management system must be enabled using the cfapplication tag.The error occurred in index.cfm: line 84Called from index.cfm: line 37Called from index.cfm: line 1" Expected: Should'nt be any dependency between session variables and a specific admin page so
be cast to class java.util.Properties (java.util.HashMap and java.util.Properties are in module java.base of loader 'bootstrap') at org.hibernate.cache.ehcache.management.impl.ProviderMBeanRegistrationHelper$RegisterMBeansTask.locateSessionFactory(ProviderMBeanRegistrationHelper.java:142) at org.hibernate.cache.ehcache.management
2599848 CF-3039659 File Management : VFS-S3 Dave Ferguson Bug 79414:processing url for cffileupload does not set session vars Problem: processing url for cffileupload does not set session vars. Method: #serializeJSON(str)# Result: ----------------------------- Additional Watson Details
Path("./appconfig.json.cfm");//this["name"] = "AppCfcTest";// this.datasource ="MavResource";// this.applicationTimeout="";// this.clientManagement="";// this.clientStorage="";// this.customTagPaths={};// this.loginStorage="";// this.mappings={};// this.sessionManagement="";// this.sessionTimeout="";// this.setClientCookies="";// this
.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:180) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org
.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:180) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org
2611935 CF-3572565 Core Runtime : Session Management Tim Parker CF10 writes CFID and CFToken cookies incorrectly, causing session problems (fatal for CF9) for all other instances in domain Duplicate ID: CF-3593673 Problem Description: CF10 is writing CFID and CFToken cookies as DOMAIN cookies
5666487 CF-4204277 Core Runtime : Session Management Intermittent NullPointerExceptions occurring when processing OnSessionEnd() ===================[Problem Description]================= Once of our clients is experiencing an intermittent issue with their OnSession() End function in their site
Comment on Bug 80120:Detected duplicate HTTP-based FlexSessions in Remote Object callsFlex Remoting fault errors in doing Flex remoting to CF9 by External U.
changing all session replication timeouts to obscenely high values (120 minutes, etc) would still result in a hung instance. But we do find that using backupManager instead of deltaManager, in conjunction with higher timouts, does result in a working test box, at least under artificial load
) create VO2) Save VO using SyncManager Session3) Add property to VO4) Boom Result: ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3040204 External Customer Info: External Company: External Customer Name: Cameron Childress External Customer Email
2672874 CF-4159697 Web Container (Tomcat) : Instance/Cluster Manager Mike Brunt ColdFusion 2016 Enterprise Clustering Problems Problem Description: Currently we are trying to set up a simple cluster with one remote and one local instance on, they will use sticky sessions and session replication
.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:180) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116
.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.CrawlerSessionManagerValve.invoke(CrawlerSessionManagerValve.java:180) at org
2600137 CF-3039351 File Management : VFS-RAM zac spitzer Bug 78909:(Watson Migration Closure)Use existing scopes rather than the ram:// for VFSram:// should be server://as there should be application:// request:// and session:// Problem: Use existing scopes rather than the ram:// for VFSram
.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:51) at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1206) at coldfusion.orm.hibernate.SessionWrapper.flush(SessionWrapper.java:176) at coldfusion.orm.hibernate.HibernateSessionManager.flushSession(HibernateSessionManager.java:217) at coldfusion.orm.hibernate.HibernateSessionManager.flushAllCurrentSessions(HibernateSessionManager
-out.log and hibernatesql.log of the instance StudiemeterStaging2018 (the datasource name is dsn_SM7): 01/02 17:25:54 [_ORM_StudiemeterStaging2018_dsn_SM7] ERROR Error locating Hibernate Session Factory java.lang.ClassCastException: java.base/java.util.HashMap cannot be cast to java.base/java.util.Properties at org.hibernate.cache.ehcache.management.impl.ProviderMBeanRegistrationHelper$RegisterMBeansTask.locateSession
load on the box. CF10 update 18 is broken out of the box. There is a problem with DeltaManager in tomcat, that wont replicate the sessions (even after 120 minute timeout), and therefore CF refuses to start. I played around with various settings, multicast and static, but I cannot get DeltaManager
, where J2EE session variables were not initially enabled, and enable them. Save. Then access windows service manager and stop the service for that instance. Then try to start again, it will hang with the status "Starting" Actual Result: CFService hangs with "Starting" status Expected Result: CFService
Configuration in Application.cfc to offload session to distributed cache
simultaneous user test is harder to manage. This is also concern if you have an app where users share logins. At the same time, addressing session fixation is definitely a concern. I would hate for it to be binary choice... either you have the protection or you don't.
2601418 CF-3037983 Core Runtime : Session Management Ezra Parker Bug 76135:OnSessionStart does not single-thread requests Problem: OnSessionStart does not single-thread requests. More specifically, if the session identifier cookie(s) are already present in a user's browser, then it is possible