tracker issue : CF-4206686

select a category, or use search below
(searches all categories and all time range)

cflogin doesn't work in a cluster with Redis session management

| View in Tracker

Status/Resolution/Reason: To Fix//BugVerified

Reporter/Name(from Bugbase): Doug C. / ()

Created: 01/17/2020

Components: Security, Authentication

Versions: 2018

Failure Type: Non Functioning

Found In Build/Fixed In Build: update 6 /

Priority/Frequency: Normal / All users will encounter

Locale/System: English / Win 2016

Vote Count: 3

Problem Description:
cflogin works on one instance in the cluster but is not shared with the other instances
Steps to Reproduce:
create a cluster, set session storage on each one to a Redis server monitor what getauthuser returns as requests rotate through the cluster

	if (! StructKeyExists(session,"createdtime")) {
		cflogin (){
			cfloginuser(name="fred", password="a", roles="user");
    cluster = createobject("component","CFIDE.adminapi.runtime").getinstancename();

	writedump (session);
	writedump (cluster);
	writeoutput("<br>is here-"&getauthuser()&"-<br>");
	writeoutput("is here-"&isuserloggedin()&"-<br>");

Actual Result:

one instance shows "Fred" as the logged in user the others are blank.

Expected Result:

All instances should show user "Fred" as the auth user 

Any Workarounds:

Not that I can see



+1 this should work with redis
Vote by John W.
33111 | February 13, 2020 11:19:09 AM GMT
cflogin can be useful due to the ability to prevent concurrent logins added in added in ACF11 `cflogin(allowconcurrent="false")` - if we can't use it in cluster then that feature is broken.
Comment by John W.
33110 | February 13, 2020 11:22:05 AM GMT
this should work with redis
Vote by David T.
33119 | February 13, 2020 12:26:10 PM GMT
same issue when using session sharing via the cf admin and getting tomcat to do it.
Comment by Doug C.
33118 | February 13, 2020 12:53:58 PM GMT