From 3a377df1081ca5fc28b9d25289ebde75c45916f3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Dec 2025 15:01:49 +0000
Subject: [PATCH 1/5] Initial plan
From 04e21707864a40b9731f33cd211ac66ed4d05b84 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Dec 2025 15:05:50 +0000
Subject: [PATCH 2/5] Use cross-platform session detection with getApplicationMetadata()
Co-authored-by: grantcopley <1197835+grantcopley@users.noreply.github.com>
---
 models/services/TokenService.cfc | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/models/services/TokenService.cfc b/models/services/TokenService.cfc
index ba032e1..4de9a79 100644
--- a/models/services/TokenService.cfc
+++ b/models/services/TokenService.cfc
@@ -71,7 +71,19 @@ component accessors="true" singleton {
 private function generateNewToken() {
 // Generate a cryptographically secure random token
 var tokenBase = "#createUUID()##getRealIP()##randRange( 0, 65535, "SHA1PRNG" )##getTickCount()#";
- return uCase( left( hash( tokenBase & session.sessionid, "SHA-256" ), 40 ) );
+
+ // Include session ID if sessions are enabled (cross-platform check)
+ var sessionId = "";
+ var appSettings = getApplicationMetadata();
+ if ( structKeyExists( appSettings, "sessionManagement" ) && appSettings.sessionManagement ) {
+ try {
+ sessionId = session.sessionid;
+ } catch ( any e ) {
+ // Session not available yet, continue without it
+ }
+ }
+
+ return uCase( left( hash( tokenBase & sessionId, "SHA-256" ), 40 ) );
 }
 private function getRealIP() {
From f1b69f96c118501369f6d974b21cc609f19ff761 Mon Sep 17 00:00:00 2001
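Review bot: With this change `sessionId` stays an empty string whenever session management is off or the `try` fails, so the token's unpredictability then rests entirely on `tokenBase`, where the only value drawn from a named secure generator is `randRange( 0, 65535, "SHA1PRNG" )`, i.e. 16 bits. The header-derived IP and the tick count are observable or guessable, and how random `createUUID()` is depends on the CFML engine, so the "cryptographically secure" comment is hard to back from the visible lines. Consider mixing in a full-strength random value, e.g. `var tokenBase = generateSecretKey( "AES", 256 ) & createUUID() & getTickCount();`. The empty `catch ( any e )` also hides every failure, so a debug-level log entry there would show when tokens are issued without a session component. The same silent catch remains in the [PATCH 3/5] rewrite of this block.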
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Dec 2025 15:07:26 +0000
Subject: [PATCH 3/5] Cache app metadata and improve catch block comment
Co-authored-by: grantcopley <1197835+grantcopley@users.noreply.github.com>
---
 models/services/TokenService.cfc | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/models/services/TokenService.cfc b/models/services/TokenService.cfc
index 4de9a79..3985b44 100644
--- a/models/services/TokenService.cfc
+++ b/models/services/TokenService.cfc
@@ -16,6 +16,11 @@ component accessors="true" singleton {
 */
 variables.csrfService = "";
+ /**
+ * Cache for application metadata to avoid repeated lookups
+ */
+ variables.appMetadata = "";
+
 /**
 * Generates a CBWIRE-specific token that doesn't expire.
 * Stored using the configured storage implementation and lasts for session lifetime.
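Review bot: `variables.appMetadata` keeps the whole struct returned by `getApplicationMetadata()` for the lifetime of this singleton, although the next hunk's `isSessionManagementEnabled()` reads only the `sessionManagement` key. That struct carries the application's settings, which may include values such as datasource definitions (not visible here), so a long-lived second reference inside a service holds more than the check needs. Caching only the flag would be narrower, e.g. `var meta = getApplicationMetadata();` followed by `variables.sessionManagementEnabled = structKeyExists( meta, "sessionManagement" ) && meta.sessionManagement;`. The component body starts and ends outside this hunk.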
@@ -74,18 +79,30 @@ component accessors="true" singleton {
 // Include session ID if sessions are enabled (cross-platform check)
 var sessionId = "";
- var appSettings = getApplicationMetadata();
- if ( structKeyExists( appSettings, "sessionManagement" ) && appSettings.sessionManagement ) {
+ if ( isSessionManagementEnabled() ) {
 try {
 sessionId = session.sessionid;
 } catch ( any e ) {
- // Session not available yet, continue without it
+ // Handle cases where session scope exists but sessionid property is not yet available,
+ // or when session operations fail during application startup
 }
 }
 return uCase( left( hash( tokenBase & sessionId, "SHA-256" ), 40 ) );
 }
+ /**
+ * Checks if session management is enabled in the application (cross-platform)
+ *
+ * @return True if session management is enabled, false otherwise
+ */
+ private function isSessionManagementEnabled() {
+ if ( !isStruct( variables.appMetadata ) ) {
+ variables.appMetadata = getApplicationMetadata();
+ }
+ return structKeyExists( variables.appMetadata, "sessionManagement" ) && variables.appMetadata.sessionManagement;
+ }
+
 private function getRealIP() {
 var headers = getHTTPRequestData().headers;
From a62978bb5902c466cca36fe462dd512b4d1dd77e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Dec 2025 15:08:44 +0000
Subject: [PATCH 4/5] Initialize appMetadata as struct and use structCount check
Co-authored-by: grantcopley <1197835+grantcopley@users.noreply.github.com>
---
 models/services/TokenService.cfc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/models/services/TokenService.cfc b/models/services/TokenService.cfc
index 3985b44..003b29e 100644
--- a/models/services/TokenService.cfc
+++ b/models/services/TokenService.cfc
@@ -19,7 +19,7 @@ component accessors="true" singleton {
 /**
 * Cache for application metadata to avoid repeated lookups
 */
- variables.appMetadata = "";
+ variables.appMetadata = {};
 /**
 * Generates a CBWIRE-specific token that doesn't expire.
@@ -97,7 +97,7 @@ component accessors="true" singleton {
 * @return True if session management is enabled, false otherwise
 */
 private function isSessionManagementEnabled() {
- if ( !isStruct( variables.appMetadata ) ) {
+ if ( !structCount( variables.appMetadata ) ) {
 variables.appMetadata = getApplicationMetadata();
 }
 return structKeyExists( variables.appMetadata, "sessionManagement" ) && variables.appMetadata.sessionManagement;
From d297b39ed54956d43eab94957c9ce3fb84fcd29b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Dec 2025 15:09:47 +0000
Subject: [PATCH 5/5] Use structIsEmpty for better readability
Co-authored-by: grantcopley <1197835+grantcopley@users.noreply.github.com>
---
 models/services/TokenService.cfc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/models/services/TokenService.cfc b/models/services/TokenService.cfc
index 003b29e..55cb0c3 100644
--- a/models/services/TokenService.cfc
+++ b/models/services/TokenService.cfc
@@ -97,7 +97,7 @@ component accessors="true" singleton {
 * @return True if session management is enabled, false otherwise
 */
 private function isSessionManagementEnabled() {
- if ( !structCount( variables.appMetadata ) ) {
+ if ( structIsEmpty( variables.appMetadata ) ) {
 variables.appMetadata = getApplicationMetadata();
 }
 return structKeyExists( variables.appMetadata, "sessionManagement" ) && variables.appMetadata.sessionManagement;