Ticket #301 (new defect) — at Initial Version

Opened 19 years ago

Last modified 14 years ago

Sub applications should not use session scope directly.

Reported by: esprehn
Owned by: somebody
Priority: highest
Milestone: 3.2
Version: 2.0.304
Severity: blocker
Keywords:
Cc:

Description

The below components and files use the session scope directly when they should be using the ModelGlue_APP_KEY to group the sub application session variables to prevent collisions with other sub applications running in the same CF application.

Currently two applications can run into each other with async requests or other state variables in the session in certain load situations.

Affected Files:
ModelGlue.unity.eventrequest.EventContext
ModelGlue.unity.statebuilder.StateBuilder
ModelGlue.unity.framework.ModelGlue
ModelGlue.unity.loader.FrameworkLoader
ModelGlue/unity/ModelGlue.cfm

The files should be using session[ModelGlue_APP_Key] instead of session, which requires some minor changes to the ModelGlue component.

I suggest adding a method to ModelGlue.unity.framework.ModelGlue:

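<cffunction name="getSessionScope" access="public" returntype="struct" output="false">
  <!--- With an application key set, return a per-sub-application struct inside the session. --->
  <cfif len(getApplicationKey())>
    <cfif not structKeyExists(session,getApplicationKey())>
      <cflock scope="session" timeout="10">
        <!--- Check again inside the lock so only one request creates the struct. --->
        <cfif not structKeyExists(session,getApplicationKey())>
          <cfset session[getApplicationKey()] = structNew()>
        </cfif>
      </cflock>
    </cfif>
    <cfreturn session[getApplicationKey()]>
  </cfif>
  <!--- No application key: fall back to the shared session scope. --->
  <cfreturn session>
</cffunction>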

Then the EventContext and StateBuilder components can use variables._framework.getSessionScope() to access the currently active session and ModelGlue.cfm can use _ModelGlue.framework.getSessionScope(). Of course the ModelGlue component can just use getSessionScope() directly.

The ModelGlue.unity.loader.FrameworkLoader component should also be changed to use the below code instead of generating a random key with CreateUUID(), then adding and deleting it. I doubt very much that there will ever be a collision with the UUID, but using a simple structKeyExists() removes that chance entirely, and also removes 2 function calls and one local variable!

/ModelGlue/unity/loader/FrameworkLoader.cfc:38
<cftry>
	<!--- Touch the session scope; if that throws, fall through to cfcatch. --->
	<cfset structKeyExists(session,"test") />
	<cfcatch>
		<cfset mg.setUseSession(false) />
	</cfcatch>
</cftry>

I can prepare a patch if you guys want. :)
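
Added example, not part of the ticket and not Model-Glue code: a stand-alone CFML template contrasting direct writes to a shared scope with writes grouped under a per-sub-application key, as the ticket proposes. The names fakeSession, scopeFor, savedState, "shop" and "admin" are hypothetical; fakeSession is a plain struct standing in for the CF session scope, so the locking in the ticket's method is left out.

```cfml
<!--- Constructed demo: fakeSession stands in for the shared CF session scope. --->
<cfset fakeSession = structNew()>

<!--- Hypothetical helper with the same branching as the ticket's getSessionScope(),
      taking the scope and key as arguments so it runs without session management. --->
<cffunction name="scopeFor" returntype="struct" output="false">
  <cfargument name="sess" type="struct" required="true">
  <cfargument name="appKey" type="string" required="true">
  <!--- Empty key: the caller gets the shared scope back, so nothing is isolated. --->
  <cfif not len(arguments.appKey)>
    <cfreturn arguments.sess>
  </cfif>
  <cfif not structKeyExists(arguments.sess, arguments.appKey)>
    <cfset arguments.sess[arguments.appKey] = structNew()>
  </cfif>
  <cfreturn arguments.sess[arguments.appKey]>
</cffunction>

<!--- Before: two sub applications store state under the same key (hypothetical name). --->
<cfset fakeSession.savedState = "shop:checkout">
<cfset fakeSession.savedState = "admin:userList">
<!--- The first sub application now reads whatever the second one wrote. --->
<cfset sharedRead = fakeSession.savedState>

<!--- After: each sub application writes into its own struct inside the session. --->
<cfset shopScope = scopeFor(fakeSession, "shop")>
<cfset adminScope = scopeFor(fakeSession, "admin")>
<cfset shopScope.savedState = "shop:checkout">
<cfset adminScope.savedState = "admin:userList">

<!--- Structs are passed by reference, so the writes land in fakeSession.shop and fakeSession.admin. --->
<cfoutput>
  shared scope, read by shop: #sharedRead#<br>
  grouped, read by shop: #fakeSession.shop.savedState#<br>
  grouped, read by admin: #fakeSession.admin.savedState#<br>
</cfoutput>

<!--- Sub applications with an empty key still share one scope, and still collide. --->
<cfset noKeyScope = scopeFor(fakeSession, "")>
<cfset noKeyScope.savedState = "written without a key">
<cfoutput>shared scope after a keyless write: #fakeSession.savedState#</cfoutput>
```

The last block shows the fallback branch: a sub application that reports an empty key keeps writing to the shared scope, so grouping only takes effect when every sub application has a distinct, non-empty key.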
