tracker issue : CF-3839458

select a category, or use search below
(searches all categories and all time range)
Title:

User Login session not properly closed

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Jürgen Wittsiepe / Jürgen Wittsiepe (Jürgen Wittsiepe)

Created: 10/15/2014

Components: Security

Versions: 11.0

Failure Type: Non Functioning

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Critical / All users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 11

Listed in the version 2016.0.0.297996 Issues Fixed doc
Verification notes: verified_fixed on October 29, 2016 using build 2016.0.01.298513 
Problem Description:When a user logs (CFLOGIN) and the session expired the next login will fail. Although the user seems to be logged in it does not work. The next login will work again

Steps to Reproduce:<cflogin idletimeout="#Login_Timeout#" ...">

Actual Result:Does not work with CF 11

Expected Result:Worked without problems with CF 9

Any Workarounds:

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3839458

External Customer Info:
External Company:  
External Customer Name: wittsiepe
External Customer Email:  
External Test Config: My Hardware and Environment details:

Attachments:

  1. November 07, 2014 00:00:00: 1_cf11.rar
  2. May 17, 2015 00:00:00: 2_Application.cfc
  3. October 03, 2015 00:00:00: 4_ApplicationTestCFlogin.cfc
  4. March 01, 2016 00:00:00: 5_3839458_User_Login.rar

Comments:

Maybe it has something to with this bug: ColdFusion 11.0 - Bug CF-3712083
Comment by External U.
10624 | October 15, 2014 03:14:39 AM GMT
I have attached the sample login app that I am testing it on, if there are any changes to be done to that, do let us know. Could you also provide information about the server configuration,the environment your machine is setup on,the browser details(if problem occurs on only one particular browser or others as well) & log details if any.
Comment by S P.
10625 | November 06, 2014 09:15:14 PM GMT
Users are still seeing this issue. See another post about it here - http://stackoverflow.com/q/28874726/1636917
Vote by External U.
10661 | March 11, 2015 06:52:08 AM GMT
Just a note to report that I have also ran into this bug. My login code worked correctly with CF8, CF9 and CF10. This issue has only shown up since an upgrade to CF11.
Comment by External U.
10626 | March 11, 2015 07:01:00 AM GMT
This bug will impact every user and could be quite frustrating to our user base!
Vote by External U.
10662 | March 11, 2015 07:01:47 AM GMT
I too have this problem. I found a workaround here - http://stackoverflow.com/questions/28874726/coldfusion-user-login-fails-after-session-timeout Though ideally I think it's bug that should be fixed.
Comment by External U.
10627 | March 11, 2015 09:09:17 AM GMT
+1 - I'm seeing the exact same issue. Was going to file a ticket until I saw this was already filed.
Vote by External U.
10663 | March 24, 2015 05:22:13 PM GMT
Am experiencing the same problem with two large corporate clients after move from CF10 Ent to CF11 Ent
Vote by External U.
10664 | March 30, 2015 01:36:22 AM GMT
Same problem. One Solution is allowconcurrent="false" but it's not for everyone usefull :(
Vote by External U.
10665 | May 15, 2015 01:35:14 PM GMT
Hi S Preethi, Another workaround is duplicate the <cflogin>/cflogin(). Example: <cflogin ..> <cflogin ..> When both have allowconcurrent=true (the default), then both will run. isUserLoggedIn() returns YES after the 1st, but the 1st login actually fails. The 2nd runs and logs in correctly. Repro attached as Application.cfc Thanks!, -Aaron
Comment by External U.
10628 | May 16, 2015 10:06:32 PM GMT
Forgot to note: When THIS.loginStorage="cookie", then the issue does not reoccur if an old cfauthorization cookie is still present. Thanks!, -Aaron
Comment by External U.
10629 | May 16, 2015 10:34:34 PM GMT
it's happening on a production server
Vote by External U.
10666 | May 24, 2015 09:50:25 PM GMT
......................................
Vote by External U.
10667 | May 25, 2015 05:34:03 AM GMT
We are experiencing the same problem while upgrading from CF 9 to CF 11. Adding two <cflogin> tags helps in most of our web applications, but it's slower and doesn't work in all cases. Please fix this bug as soon as possible!
Vote by External U.
10668 | June 04, 2015 02:38:38 PM GMT
Very very annoying, happen also with the CF admin application
Vote by External U.
10669 | August 10, 2015 04:34:05 AM GMT
We sure would like to upgrade to CF11, but this is a showstopper for us. Any status on the progress of resolving this bug?
Comment by External U.
10630 | September 17, 2015 11:32:57 AM GMT
Would those that have responded to this bug that they are having a problem with this issue, please provide the version of CF11 and Update Level they are currently using? Thank you.
Comment by External U.
10631 | October 02, 2015 09:23:05 AM GMT
Here is another Adobe developer working with someone on the same unresolved issue: https://forums.adobe.com/thread/1546486
Comment by External U.
10632 | October 02, 2015 06:44:30 PM GMT
Please work with the developers on reproducing this bug.
Vote by External U.
10670 | October 02, 2015 06:45:05 PM GMT
My server has the latest patches and is on CF11. This problem did not occur prior to CF11. It was brought to my attention from another Adobe developer that you were not able to replicate this issue. I have attached an Application.cfc file (named ApplicationTestCFLogin.cfc) to differentiate from the other Application.cfc file that is already attached. The file that I uploaded has the bug that forces a second login. Interestingly, If the page is refreshed after the initial login, then a second login is not prompted. If #createUUID()# is attached to the name, then the login works properly. <cfloginuser name="#form.uName##createUUID()#" password="#form.pWord#" roles="">
Comment by External U.
10633 | October 03, 2015 10:09:03 AM GMT
Hi Preethi, This ticket has been "ToTest/HaveNewInfo" for many months. For repro, please see the attached Application.cfc and my comment on 8:36:32 PM GMT+00:00 May 16, 2015. Thanks!, -Aaron
Comment by External U.
10634 | October 05, 2015 01:12:03 AM GMT
Hi Aaron, This bug was marked for ToFix, after which it came back to me only a few days back to check if the issue was reproducible in another scenario as well. Since it is being reproducible changing the status back to ToFix. Thanks, Preethi
Comment by S P.
10635 | October 06, 2015 02:32:15 AM GMT
Thanks very much, Preethi!, -Aaron
Comment by External U.
10636 | October 06, 2015 02:38:10 AM GMT
The fix will be available in the next ColdFusion release. Thanks!
Comment by S P.
10637 | October 18, 2015 11:32:31 PM GMT
Is that the next hotfix or the next full release?
Comment by External U.
10638 | October 19, 2015 05:56:01 AM GMT
It would be available in the future update for ColdFusion 11. Thanks!
Comment by S P.
10639 | October 29, 2015 01:23:10 AM GMT
Why does this Bug has the "Status: Fixed" ? We do have the same problem with <cflogin> in our production system (CF 11 with Update 6) ! Looking at the article "ColdFusion 11 Update 7 is available for early access" ( http://blogs.coldfusion.com/post.cfm/coldfusion-11-update-7-is-available-for-early-access ) and reading the fixed issues ( https://cfdownload.adobe.com/pub/adobe/coldfusion/PR/11/documentation/update7/IssuesFixed_ColdFusion11_Update7.pdf ) you can seen, that this bug is not fixed in the coming update 7 yet. That's really not good.
Comment by External U.
10640 | November 16, 2015 06:36:07 AM GMT
I agree with Knut. Our developers have waited patiently for this release so that we can upgrade our servers to CF11. When will this fix be released? Thank you.
Comment by External U.
10641 | November 16, 2015 10:03:22 AM GMT
Was this bug fixed in this last hotfix just released because it didn't fix the problem on our test CF11 server? Please let us know the status as this is holding us up to moving to CF11 or future upgrades.
Comment by External U.
10642 | November 18, 2015 10:15:18 AM GMT
We now have to start paying for fixes to the broken CF tags The latest from Adobe: CF12 is not yet out. If you need a hotfix beforehand, then we would need a Support contract for ColdFusion.
Comment by External U.
10643 | November 19, 2015 01:05:30 PM GMT
Hi Preethi, Is the following still true? "It would be available in the future update for ColdFusion 11." Thanks!, -Aaron
Comment by External U.
10644 | November 19, 2015 04:00:11 PM GMT
Last night we've updated our production server to "ColdFusion 11 Update 7" and did some testing. RESULT: The newest "ColdFusion 11 Update 7" still does not fix the <cflogin> problem on our server. Users are still forced to update twice after a session has timeouted.
Comment by External U.
10645 | November 20, 2015 01:13:28 AM GMT
I would like everyone to note the date this was originally reported to Adobe: Created on Wednesday, October 15, 2014 ! That's over a year ago.
Comment by External U.
10646 | November 20, 2015 07:49:11 AM GMT
Over a year has passed since the bug was reported and really nothing happened. It's really time to fix the bug...
Vote by External U.
10671 | November 21, 2015 06:34:16 PM GMT
Hi, The fix for the above would be out in the next update release of ColdFusion11. Also, if you require the fix ASAP do contact cfinstall@adobe.com. Thanks!
Comment by S P.
10647 | November 23, 2015 10:40:38 PM GMT
Hi Preethi, Thank you very much for confirming! -Aaron
Comment by External U.
10648 | November 24, 2015 05:22:00 AM GMT
Thank you, Preethi and Kishore, for making this happen with CF11 and not CF12 as I was told.
Comment by External U.
10649 | November 24, 2015 08:48:45 AM GMT
I'm not certain this is working correctly in Chrome. It fixed it in IE, but not Chrome.
Comment by External U.
10650 | February 03, 2016 10:12:57 AM GMT
I still notice even with the hot-fix applied that the following error is still logged: An error occurred while fetching element from authcache.
Comment by External U.
10651 | February 24, 2016 03:17:49 AM GMT
Is this not fixed until Upgrade 8? If so, it won't work in Upgrade 7.
Comment by External U.
10652 | February 25, 2016 11:35:28 AM GMT
Hi Toby, Is the hotfix that you have applied Update 7? Because in that case it would not work, as the fix would be available in Update 8 of ColdFusion 11. Thanks, Preethi
Comment by S P.
10653 | February 26, 2016 12:04:46 AM GMT
I installed the hot fix (hf1100-CF-3839458.jar) that Vikram sent to me that I requested by emailing cfinstal@...
Comment by External U.
10654 | February 26, 2016 01:48:05 AM GMT
Hi Toby, I have verified the scenario with the provided patch(hf1100-CF-3839458.jar), and with this it does not throw the exception"An error occurred while fetching element from authcache". I have tried it with the 'cfcs' that have been attached in the bug as well as the below attached application that I have used. Can you try clearing the cookies and then run your application to see if it still throws the exception. Also if still are facing the issue, can you share your repro code so that we can verify the same form our end. Thanks, Preethi
Comment by S P.
10655 | March 01, 2016 12:13:37 AM GMT
Hi Preethi, Using my Application.cfc (attached to this ticket), I see: 1) hf1100-CF-3839458.jar patch fixes CF-3839458 (good) 2) "An error occurred while fetching element from authcache" is no longer thrown, when running my repro (good) However, the CF Admin still logs "An error occurred while fetching element from authcache" if CF Admin session expired. Repro: 1) Login to CF Admin 2) Wait a while for CF Admin's session to timeout 3) F5 the CF Admin 4) See "An error occurred while fetching element from authcache" was logged to security.log Thanks!, -Aaron
Comment by External U.
10656 | March 10, 2016 04:16:11 PM GMT
Hi Aaron, We have logged a separate bug #CF-4131007 for the CF Administrator session timeout issue . Thanks, Pavan.
Comment by S V.
10657 | March 22, 2016 03:52:26 AM GMT
Hi Pavan, Thanks very much! -Aaron
Comment by External U.
10658 | March 26, 2016 08:53:01 PM GMT
Verified this is fixed in CF2016 Final (build 2016.0.0.297996). Thanks!, -Aaron
Comment by External U.
10659 | October 29, 2016 01:38:09 PM GMT
Has a hot fix been released for cflogin for CF11 Update 10? If not, this issue should not be set to Closed and Fixed. Is hf1100-CF-3839458.jar patch still available?
Comment by External U.
10660 | November 22, 2016 01:07:32 PM GMT