nomadinjax/esapi4cf

User implementations must be serializable

nomadinjax opened this issue · 2 comments

Since the instance of the current user is stored in the session scope, if the CF server is configured to persist sessions for clustering/failover, the DefaultUser/AnonymousUser must be serializable/deserializable.

It has been reported that in CF8, the deserialization chokes due to the arrays in the User implementations. This causes the current user to be lost and defaults back to an anonymous user even when a valid user has existed.
http://www.oscararevalo.com/blog/index.cfm/2008/7/28/Overcoming-CFC-Serialization-Issues-Using-Java

Using the serialize/deserialize techniques below, it may be possible to write unit tests against this for validating the issue/fix.
http://www.remotesynthesis.com/post.cfm/serialize-and-deserialize-a-component-in-coldfusion-8

The issue has not yet been tested against JRun/CF9, Tomcat/CF10, or Tomcat/Railo. If unit testing this is possible, that should expose the issue if it exists.

Serialization testing can be performed using the CF9+ methods ObjectSave() and ObjectLoad(). This will require backport methods for CF8.

New unit test added to UserTest. Tests both anonymous and default user instances. This is passing in CF8, CF9, and CF10. There are still some issues with Railo - opening a separate ticket.

Resolved in v1.1.1
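An added example of the round-trip test described in this thread (it is not the project's UserTest and not code posted by anyone here): an MXUnit-style test that pushes the anonymous user and a freshly created default user through java.io.ObjectOutputStream/ObjectInputStream, which is the same Java serialization a clustered session store performs and which is available on CF8, where ObjectSave()/ObjectLoad() do not exist. The facade path cfesapi.org.owasp.esapi.ESAPI, the test account name and password, and the authenticator()/getCurrentUser()/createUser()/removeUser()/isAnonymous()/getAccountName() calls are assumptions about the esapi4cf version in use; adjust them to the actual API.

```cfml
<cfcomponent extends="mxunit.framework.TestCase" output="false">

	<!--- Added example test, not the project's own UserTest.
	      Assumption: the facade is instantiated from this path in the installed esapi4cf. --->
	<cffunction name="setUp" access="public" returntype="void" output="false">
		<cfset variables.ESAPI = createObject("component", "cfesapi.org.owasp.esapi.ESAPI").init()>
		<cfset variables.testAccount = "serializationTestUser">   <!--- assumed name --->
		<cfset variables.testPassword = "Tr0ub4dor&3xyzQ">         <!--- assumed to pass the password policy --->
	</cffunction>

	<cffunction name="tearDown" access="public" returntype="void" output="false">
		<!--- Remove the account created by the DefaultUser test so the test is repeatable --->
		<cftry>
			<cfset variables.ESAPI.authenticator().removeUser(variables.testAccount)>
			<cfcatch type="any"></cfcatch>
		</cftry>
	</cffunction>

	<!--- Serialize with plain java.io streams and read the object back.
	      Going through the JVM directly mirrors what session replication does and
	      avoids ObjectSave()/ObjectLoad(), which CF8 lacks. --->
	<cffunction name="roundTrip" access="private" returntype="any" output="false">
		<cfargument name="obj" type="any" required="true">
		<cfset var baos = createObject("java", "java.io.ByteArrayOutputStream").init()>
		<cfset var oos = createObject("java", "java.io.ObjectOutputStream").init(baos)>
		<cfset var bais = "">
		<cfset var ois = "">
		<cfset var copy = "">
		<cfset oos.writeObject(arguments.obj)>
		<cfset oos.close()>
		<cfset bais = createObject("java", "java.io.ByteArrayInputStream").init(baos.toByteArray())>
		<cfset ois = createObject("java", "java.io.ObjectInputStream").init(bais)>
		<cfset copy = ois.readObject()>
		<cfset ois.close()>
		<cfreturn copy>
	</cffunction>

	<!--- With nobody logged in, getCurrentUser() yields the anonymous user; it must
	      still be anonymous after the round trip. --->
	<cffunction name="testAnonymousUserSurvivesSerialization" access="public" returntype="void" output="false">
		<cfset var original = variables.ESAPI.authenticator().getCurrentUser()>
		<cfset var copy = roundTrip(original)>
		<cfset assertTrue(original.isAnonymous(), "precondition: no user is logged in")>
		<cfset assertTrue(copy.isAnonymous(), "anonymous user did not survive deserialization")>
		<cfset assertEquals(original.getAccountName(), copy.getAccountName())>
	</cffunction>

	<!--- The failure described in the issue: a real user comes back as anonymous
	      after deserialization. A DefaultUser must keep its identity. --->
	<cffunction name="testDefaultUserSurvivesSerialization" access="public" returntype="void" output="false">
		<cfset var original = variables.ESAPI.authenticator().createUser(
			variables.testAccount, variables.testPassword, variables.testPassword)>
		<cfset var copy = roundTrip(original)>
		<cfset assertFalse(copy.isAnonymous(), "default user was lost and fell back to anonymous")>
		<cfset assertEquals(variables.testAccount, copy.getAccountName())>
		<cfset assertEquals(original.getAccountName(), copy.getAccountName())>
	</cffunction>

</cfcomponent>
```

The round trip only proves that the user objects survive Java serialization on the engine under test; it does not prove that the server is actually replicating sessions (on Adobe CF that still requires J2EE sessions and a clustered container). Run it on each engine named in the thread separately, since the CFC class loader, not the CFML, is what differed between CF8, CF9/CF10 and Railo.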