Session bug in SVN

Just running some tests with the latest from SVN.

I have Session management turned off.

(We manage our own, and CFIDE tends to be sequential which is a pain to explain to PCI compliance people, so it’s just easier not to worry about it).

This throws an error when attempting a Coldbox request:

The requested scope session has not been enabled. The error occurred in /home/developer/src/mapped/frameworks/coldbox/system/includes/BugReport.cfm: line 97

Called from /home/developer/src/mapped/frameworks/coldbox/system/services/ExceptionService.cfc: line 87
Called from /home/developer/src/mapped/frameworks/coldbox/system/Coldbox.cfc: line 291
Called from /home/developer/src/wwwroot/Application.cfc: line 76

95 : Coldfusion ID:
96 :
97 : <cfif isDefined("session") and structkeyExists(session, "cfid")>
98 : CFID=#session.CFID# ;
99 : <cfelseif isDefined("client") and structkeyExists(client,"cfid")>

This may be related to the original Exception:

Exceptions
04:22:43.043 - Expression Exception - in /home/developer/src/mapped/frameworks/coldbox/system/web/flash/SessionFlash.cfc : line 63

	    The requested scope session has not been enabled.
	    

04:22:45.045 - Expression Exception - in /home/developer/src/mapped/frameworks/coldbox/system/includes/BugReport.cfm : line 97

	    The requested scope session has not been enabled.
	    

Do I have to turn on Sessions? I’d really prefer not to ;o)

Mark

Running some tests here -

I see that in “FlashExists”


// Check if session is defined first
if( NOT isDefined("session") ) { return false; }
// Check if storage is set and not empty
return ( structKeyExists(session, getFlashKey()) AND NOT structIsEmpty(session[getFlashKey()]) );

Except for one small problem.

isDefined("session") is going to return true, even if Session Management is turned off.

I just did a test locally:

Application.cfc:

component
{
    this.name = "session-test";
    this.clientManagement = false;
    this.sessionManagement = false;
}

index.cfm

#isDefined("session")#

Display:
YES

The best way I ever found of checking if Sessions were enabled was simply by having a:

// the best way of checking if sessions are enabled
try
{
    session[arguments.key] = StructNew();
    setIsSessionEnabled(true);
}
catch(Any exc)
{
    // don't do anything really, we're just using this as a 1 time check
}

in my init() function.

Mark

Hi Mark, I actually submitted this as a bug to CF because the session should NOT be defined when session management is OFF. Railo has the correct behavior there.

Anyways, I think we can add this just for compliance and once cf fixes it remove it. What do you suggest?

Luis F. Majano
President
Ortus Solutions, Corp

ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com

Agreed that this is a bug on Adobe’s end; however, if you want your code to work on ACF 7, 8 & 9, then you’ll have to go with a try/catch solution.

If Adobe fixes the bug they will only fix it in the latest version of CF, so if it’s not fixed in 9.01, you won’t see it into CF 10.

Mark

What approach do you suggest?

Luis F. Majano

Try and access the session in a try/catch.

If it catches the exception, you know that session is not enabled, in which case, you can also store the result for later.

Make sense?

There is an example in my 2nd email.

Mark
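
The try/catch check discussed in this thread, combined with the FlashExists guard, as an added example that is not part of the original posts or ColdBox's own code. The component name, method names and the flashKey argument are hypothetical, and the probe reads the scope instead of writing to it as the snippet above does; it relies on the behaviour shown in the error report, where structKeyExists(session, ...) throws when session management is off.

```cfml
// SessionProbe.cfc -- added example; names are hypothetical, not ColdBox's SessionFlash.cfc
component {

	public any function init( required string flashKey ){
		variables.flashKey       = arguments.flashKey;
		variables.sessionEnabled = false;

		// isDefined("session") reports YES on Adobe CF even when
		// this.sessionManagement = false, so it cannot be used as the check.
		// Touching the scope raises "The requested scope session has not been
		// enabled." when sessions are off, so probe once and cache the outcome.
		try {
			structKeyExists( session, variables.flashKey );
			variables.sessionEnabled = true;
		}
		catch( any e ){
			// Session management is disabled: leave the flag false and carry on.
			variables.sessionEnabled = false;
		}
		return this;
	}

	// Cached result of the one-time probe in init()
	public boolean function isSessionEnabled(){
		return variables.sessionEnabled;
	}

	public boolean function flashExists(){
		// Guard on the cached flag so the session scope is never referenced
		// in an application that runs without session management.
		if( NOT variables.sessionEnabled ){ return false; }

		// Check if storage is set and not empty
		return ( structKeyExists( session, variables.flashKey )
			AND NOT structIsEmpty( session[ variables.flashKey ] ) );
	}
}
```

Any other code path that reads session.CFID, such as the bug report template in the stack trace, needs the same guard, otherwise the error handler itself fails and hides the original exception.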