I am building a website where I have followed MVC to manage my code without using any frameworks. I have put all of my queries inside cfcs and am initializing them inside my Application.cfm, storing them in application variables like below:
<cfset aplication.customerProfileObject=
createObject("component","cfc.customerprofile").init()>
To perform any query operations, I have made a function and then call it anywhere like this:
<cfset selectedCustomerOb =
application.customerProfileObject.getContactCustomerProfileDetail(session.userid)>
I don't know what is causing the issue, but sometimes a user accesses another user's data. How is that possible? Is it assessing another user's session data or have I initialized the cfc wrong?
Application settings are below:
<cfapplication name="MyDataSourceName"
sessionmanagement="Yes"
setclientcookies="yes"
setdomaincookies="yes"
loginstorage="session"
sessiontimeout="#CreateTimeSpan(0, 2,0,0)#">
CustomerProfile.cfc
<cfcomponent>
<cffunction name="init">
<cfreturn this>
</cffunction>
<cffunction name="getContactCustomerProfileDetail" returntype="query"
description="Returns customer contact details by contactid"
access="public">
<cfargument name="ccId" type="numeric" required="yes">
<cfquery name="getContactCustomerProfileDetail"
datasource="#Application.ds#"
dbtype="ODBC"
username="#Application.UserName#"
password="#Application.Password#">
<!-------My query here--->
</cfquery>
<cfreturn getContactCustomerProfileDetail>
</cffunction>
</cfcomponent>
As Adam says you need to do this:-
<cffunction name="getContactCustomerProfileDetail" returntype="query"
description="Returns customer contact details by contactid"
access="public">
<cfargument name="ccId" type="numeric" required="yes">
<cfset var getContactCustomerProfileDetail = false>
<cfquery name="getContactCustomerProfileDetail"
datasource="#Application.ds#"
dbtype="ODBC"
username="#Application.UserName#"
password="#Application.Password#">
<!-------My query here--->
</cfquery>
<cfreturn getContactCustomerProfileDetail>
</cffunction>
The reason you are getting the problem is because your CFC instance is in a shared scope (application) and you have not var'd the query variable. This means that it is getting set into the variables scope of the CFC instance. Which means that multiple threads can overwrite this value. By just varring the variable as I have shown you make the variable local to the function and so each call to that function creates a localised and thus thread-safe variable.
Basically you should var all local variables in functions as a matter of habit. This code would never pass code review anywhere I have worked.