Is it no possible that you set your data to session once you knw the data is validated so that it uses the data passed in your argument and b'se you already have a clock inside it will prevent race condition. Return true if validated and set to session else return false. In that way you knw if it actually set to session or not.
Sent from my iPhone On Feb 1, 2012, at 9:25 PM, "Eric Roberts" <[email protected]> wrote: > > Best thing to do is to cflock the db action so that you can get a unique > record. If the call to the cfc is what hands the entirety of the user > authentication...put a lock around that call so that no other users are > taking action until the first is done. > > -----Original Message----- > From: Eric Williams [mailto:[email protected]] > Sent: Wednesday, February 01, 2012 9:44 AM > To: cf-talk > Subject: Re: Crossed Accounts Issue > > >>> I have an issue that I am hoping one of you can help me out with. >> The issue is caused when more than one user logs in >>> with a few tenths of a second of each other. This happens maybe >> once every few weeks on a high volume application. >>> The problem is with user information getting mixed up when >> authenticating. >>> >>> As you can see from the code below the authenticate component is >> called right before setting the session username. >>> The authenticate component does all the basic checks and returns the >> user info. In these rare instances the >>> session.RetAuth.username and all the info returned from the >> component are for another user that is logging in at the same >>> time. >>> >>> <CFSCRIPT> >>> if(NOT IsDefined("APPLICATION.oUser")){ >>> APPLICATION.oUser=CreateObject("component", >> "#APPLICATION.G.CFC_PATH#User"); >>> } >>> APPLICATION.oUser.DSN=this.DSN; >>> </CFSCRIPT> >>> <CFSET session.RetAuth=APPLICATION.oUser.authenticate(form. >> Login,form.Password)> >>> <CFSET SESSION.UserName=FORM.Login> >> >> This is a race condition issue. You can solve it by implementing >> locking, either around this code or perhaps within your component. >> >> Dave Watts, CTO, Fig Leaf Software >> http://www.figleaf.com/ >> http://training.figleaf.com/ >> >> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA >> Schedule, and provides the highest caliber vendor-authorized >> instruction at our > > Dave, > > I already have a lock in the component, I create a unique uuid on each > request for the lock. Did not solve the problem. Might try a lock around > the entire login code. > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349759 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
