I am using the cbauth module in conjunction with cbstorages to authenticate and log in a user to my application. I came across an issue with the auth().isLoggedIn() helper that I cannot explain.
The login process is held in a handler called "sessions"; I also store other objects in the sessionStorage that contain further attributes needed during that session.
For debugging purposes, I tracked the value of isLoggedIn() while using the application. What I noticed is that isLoggedIn() sets itself to false after a while despite the fact that:
1 - I did not log out, meaning the session was not destroyed
2 - sessionStorage objects (sessionUserbean, structUItheme) are still accessible, meaning the session is still alive
How could we explain this inconsistency? By definition, isLoggedIn() returns the boolean sessionStorage.exists( USER_ID_KEY ). If isUserLoggedIn() is false, it implies that USER_ID_KEY is no longer in sessionStorage. Should I then assume that my session is, in fact, still alive, since I have other objects accessible from sessionStorage?
The login/logout code is as follows:
    // new / login form page
    function new( event, rc, prc ) {
        // Set the user login form layout
        event.setLayout( "FoundationMini" );
        return event.setView( "sessions/new" );
    }

    // create session (login)
    function create( event, rc, prc ) {
        try {
            auth.authenticate( rc.userLogin, rc.userPassword );
            // Get the ID of the user authenticated for the current session
            var sessionUserID = auth.getUserId();
            // Retrieve the session user's details and preferences
            var sessionUserbean = userSVC.read( sessionUserID );
            // Retrieve the user's session UI theme parameters
            var structUItheme = structNew();
            structUItheme = buildViews.getUItheme( sessionUserbean.getUserUItheme() );
            // Load parameters to the session storage
            sessionStorage.setVar( "sessionUserbean", sessionUserbean );
            sessionStorage.setVar( "structUItheme", structUItheme );
            // And relocate to the appropriate landing page upon login.
            return relocate( event = "loggedin" );
        } catch ( InvalidCredentials e ) {
            messagebox.setMessage( type = "warn", message = e.message );
            return relocate( uri = "/login" );
        }
    }

    // delete session (logout)
    function delete( event, rc, prc ) {
        auth.logout();
        // Clear the entire Coldbox session storage
        sessionStorage.clearAll();
        return relocate( uri = "/" );
    }