Unable to login to Cartweaver Admin Unless First Logged Into Railo/Lucee Web Admin for Site

Daniel Jansen

unread,

Apr 29, 2015, 8:51:07 AM4/29/15

to lu...@googlegroups.com

Railo 4.2.1.008 final

MySQL (5.5.40)
Java Version 1.7.0_45

OS Version Linux (3.14.23-22.44.amzn1.x86_64)

I have not had the opportunity to migrate my production web server from Railo to Lucee.

I am having an issue where I cannot log into the Admin section of a Cartweaver 4 site.

It keeps redirecting to the login page with an Access Denied error.

I have tried to document what's going on here: http://blog.wdbb.com.au/cfml-mura-and-coding/cartweaver-4-site-dev-to-live/

Today I logged into the Railo Web Admin to see if any settings might solve the issue and fiddled with the Client Timeout setting. I was then able to successfully log into the Cartweaver Admin!

Later, I tried to log in the the CW admin to update some products and was greeted with the same Access Denied issue. I then logged into the Railo Web Admin to see what was going on and noticed without changing any settings that I was now able to log into CW!

Can someone please tell me what might be going on or how I might go about diagnosing this?

Thanks for your effort.

Regards,

Daniel Jansen

Web Design Batemans Bay

Gert Franz

unread,

Apr 29, 2015, 12:16:23 PM4/29/15

to lu...@googlegroups.com

Daniel,

The access denied error, is that a 403 error or is that just the text you receive?

Could it also be that your cookies are not respected somehow?

Is it happening regardless of what browser you are using?

Can you dump some variables from the session/client/cookie variables?

Check whether the CFID changes.

HTH

Sincerely
Gert Franz

RASIA GmbH

Spittelgasse 7

5103 Moeriken-Wildegg

Email: ge...@rasia.ch
Skype: gert.franz

Phone Switzerland: +41 76 5680 231

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/9f056b26-96a2-446f-a8bc-9c5816a39ec6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

image001.png

Daniel Jansen

unread,

Sep 14, 2015, 1:29:23 AM9/14/15

to Lucee

Hi Gert,

I'm sorry that I never replied to your post - I had thought that I had gotten around the issue.

This week I received a call from the client advising me that the issue is still existing.

The error that I am getting only is visible in the URL which is: http://store.surferjude.com.au/cw4/admin/index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin%2Dhome%2Ecfm%3F

The issue does happen regardless of browser.

CFID changes each time you post the form and the page loads.

Below is a dump of session/client and cookie vars:

If you like, I will create you an account for testing?

Client Scope (Cookie)

cfid

string

67fbbefd-c5ea-40ef-b381-1f8f42024b71

cftoken

string

0

hitcount

number

1

lastvisit

Date Time (Australia/Sydney)
{ts '2015-09-14 15:22:17'}

timecreated

Date Time (Australia/Sydney)
{ts '2015-09-14 15:22:17'}

urltoken

string

CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0

Cookie Scope
cf_client_cwebed9907cf28735925eb5f6111d57556_hc

string

2

cf_client_cwebed9907cf28735925eb5f6111d57556_lv

string

1442208137847

cf_client_cwebed9907cf28735925eb5f6111d57556_tc

string

1442208137847

CWAdminUsername

string

cwcartid

string

0

railo_debug_modern

string

286721

Session Scope (Memory)

cfid

string

67fbbefd-c5ea-40ef-b381-1f8f42024b71

cftoken

string

0

CW

Struct

debug

string

false

PAGEVIEWS

string

index.cfm?accessdenied=%2Fcw4%2Fadmin%2Fadmin%2Dhome%2Ecfm%3F

productCatCurrent

string

0

productSecCurrent

string

0

userAlert

string

CWCLIENT

Struct

cf_client_cwebed9907cf28735925eb5f6111d57556_hc

string

2

cf_client_cwebed9907cf28735925eb5f6111d57556_lv

string

1442208137847

cf_client_cwebed9907cf28735925eb5f6111d57556_tc

string

1442208137847

cwcartid

string

20150914031798041

CWPRODVIEWS

string

discountApplied

string

discountPromoCode

string

railo_debug_modern

string

286721

lastvisit

Date Time (Australia/Sydney)
{ts '2015-09-14 15:22:17'}

sessionid

string

CWEBED9907CF28735925EB5F6111D57556_67fbbefd-c5ea-40ef-b381-1f8f42024b71_0

timecreated

Date Time (Australia/Sydney)
{ts '2015-09-14 15:22:17'}

urltoken

string

CFID=67fbbefd-c5ea-40ef-b381-1f8f42024b71&CFTOKEN=0

Dominique Dupuis

unread,

Oct 16, 2015, 2:20:23 PM10/16/15

to Lucee

Has anybody found a solution on this issue?

I have the same problem and would appreciate if you can share what has solved it for you.

Thank you

Dominique

Dominique Dupuis

unread,

Oct 25, 2015, 2:59:57 PM10/25/15

to Lucee

For anybody looking for the answer to this, there seems to be a bug in lucee were even if you turn on the session management in the web module, if it is turn off in the server module, session management is will not actually be turned on (but nothing will tell you it is not on!)

So the solution is to go to lucee server, turn it on there, then in the lucee web admin and turn it on there as well.