Have you noticed the ColdFusion 10 admin allows only one login at a time? It's by design
Note: This blog post is from 2012. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.Someone raised a question on one of the Adobe forums saying that they kept getting kicked out of (logged off) the CF Admin in CF10.
Ultimately, he realized it was that when one of his colleagues logged into CF 10 Admin, he got logged out, and vice-versa. Certainly frustrating.
And yes, it's by design in CF10, as part of various security enhancements. The issue is that only one person can be logged in to a given account name in the CF Admin (by default, it's "admin"). There is a solution: create new logins for each person needing to access the Admin. I discuss this and much more below.
Update 1: Since I wrote this entry back in June '12, I did a video for Adobe about a year later where I walk through this in several minutes. You may want to check that out.Update 2: Great news for those using CF11: CF11 addresses this problem with a new feature in the CF Admin. You may want to read ahead to understand the problem to appreciate the point of this solution. Anyway, see the Security > Administrator page and its option, "Allow Concurrent Login Sessions for Administrator Console". The docs say that it will be disabled by default, allowing multipel logings, unless you choose the "securee profile" option during installation or via the admin (the ability to change that in the Admin is another new feature of CF11), in which case concurrent access by a given account it will be disabled.
Where's is this change in CF10 documented?
It is documented, in a couple of places.
For instance, you can find it discussed in Security improvements in ColdFusion 10, by Adobe engineer Shilpi Khariwal (who is also the "security czar for the CF team").
Her article notes with respect to changes about CFLOGIN, which the CF Admin uses under the covers:
Now you can have only one active session open for one user for a given application that uses the cflogin tag.For example, you can now access the Administrator console one user at a time with a given set of UserIDs and passwords.
Now, you may think, "but that doesn't explain why another user and I can't use the CF Admin at the same time", but actually it does. Note that the login is not "per user" but "per account" using the CFLOGIN. And by default, there is one account used for logging into the CF Admin, called the Admin user. We normally don't even notice or use that, and only need to enter the password for that account.
So it's saying that "2 users of the same account can't be logged into the CF Admin at one time." I agree it's an annoyance, but I'm sure there's a worthy security problem for which it was the solution. Maybe someone from Adobe will chime in with more thoughts.
There's also a discussion related to "logins to the CF Admin" in the CF10 docs, in the "Developing Coldfusion 10 Applications" manual, though it's not worded as applying so obviously to this specific situation above. At the bottom of this page on Miscellaneous CF10 changes, it says:
You are logged out from one of the ColdFusion administrators, if:From the same host, you log in to the ColdFusion (10) Administrator and the ColdFusion Administrator of an older version.
The solution
As I noted above, you can solve this problem by defining a new username for each person accessing the CF admin.
Many never noticed but CF8 added the ability (Security>User Manager) where you could define additional username/password combinations in the CF Admin (including limiting what parts they can access, including the Server monitor) and also for controlling RDS access.
I did a fairly extensive article on how to use this multiple CF Admin login feature, from 2009 in the Adobe Dev Center. At the time I wrote that (CF8 timeframe), the ability to add admin users was limited to CF Enterprise, but in CF 9 that was lifted and available also in Standard.
Hope that's helpful.
For more content like this from Charlie Arehart:Need more help with problems?
- Signup to get his blog posts by email:
- Follow his blog RSS feed
- View the rest of his blog posts
- View his blog posts on the Adobe CF portal
- If you may prefer direct help, rather than digging around here/elsewhere or via comments, he can help via his online consulting services
- See that page for more on how he can help a) over the web, safely and securely, b) usually very quickly, c) teaching you along the way, and d) with satisfaction guaranteed
Our first assumption was that it was multiple IP restrictions.
Very frustrating, but its quickly teaching us to be more patient.
One other reason the individual logins are probably a good idea is the new audit log in the Administrator. With individual logins you will actually be able to see who did what rather than just seeign a generic "admin" user.
Thanks again for your help.
Meint
We just got a new CF 10 VPS and the fact that we can't do anything in the cfadmin is limiting how much we can set things up. Their support staff doesn't know what's going on.
Has anyone found a solution to this?
Thanks
Whether on the local VPS or accessing via public IP, we get kicked out of the CF admin in less than a minute, sometimes quicker. There is only one user account and we are NOT using simultaneous logins.
Anyone see a tech note on this or have any possible causes/solutions?
We're on CF 10 Enterprise with the latest hotfix applied.
Thanks!
We'll need to set up an alternate CF Admin (as Charlie mentioned) for our control panel to use so you don't get kicked out.
It is quite bothersome...
It may really be worth it in this case to create new user (in the CF Admin) on each instance, whose name is unique to the instance (even if just admin1, admin2, etc.). That way you could then login to more than one of them at once.
Let me know if that helps.