Help with exception in my site please !

I have been checking the code and it looks like the real error is on a session variable:

Message Element ANUSER.USERID is undefined in SESSION.
Resolvedname SESSION
StackTrace coldfusion.runtime.UndefinedElementException: Element ANUSER.USERID is undefined in SESSION. at coldfusion.runtime.CfJspPage.resolveCanonicalName(CfJspPage.java:1759) at coldfusion.runtime.CfJspPage._resolve(CfJspPage.java:1677) at coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1812) at coldfusion.runtime.CfJspPage._resolveAndAutoscalarize(CfJspPage.java:1805) at cfcheckheaders2ecfm954693884.runPage(E:\Domains\rivieramayarent.com\wwwroot\sys\cfincludes\assetnow\checkheaders.cfm:1) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2722) at cfindex2ecfm2078857244.runPage(E:\Domains\rivieramayarent.com\wwwroot\index.cfm:4) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:342) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:87) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:53) at coldfusion.CfmServlet.service(CfmServlet.java:200) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

But im quite sure im initializing it on this code:

<cfcomponent hint="User session structure">


<cffunction name="init" access="public" output="no" returntype="void" hint="Initialize user session">
    <cfset var q = ""/>
    <cfset var q2 = ""/>
    <cfset var i = 0/>
    <cfset var j = 0/>
    <cfset var allowAccess = false/>
    <cfset var anuser = structNew()/>
    <cfset var trackCookie = "ANX-T-#hash(application.applicationName)#"/> <!--- return visitor tracking cookie --->   
    <cfset var cookieList = ""/>
    <cfinclude template="#application.virtualPaths.CFLIBS#/agentlib.cfm"/> <!--- agent detection library --->
    <!--- create new user session --->
    <cfscript>
        anuser.userID = 0;
        anuser.identifier = createUUID(); /* used for record lock tracking */
        anuser.firstName = "";
        anuser.lastName = "";
        anuser.email = "";
        anuser.status = "new";
        anuser.toolAccess = false; /* flag for tools */
        anuser.userGroups = ""; /* list of user group identifiers, set default so not empty list */
        anuser.userGroupIDs = ""; /* list of user group IDs */
        anuser.authGroupIDs = ""; /* list of authorized groups */
        anuser.defaultGroupID = 0; /* default url group ID (token) */
        anuser.currentGroupID = 0; /* token to ensure correct group for embedded urls using -1 groupid reference */
        anuser.userRoles = "anonymous"; /* role uuid */
        anuser.userRoleIDs = 0; /* role ids */
        anuser.language = listFirst(application.config.SUPPORTED_LOCALES); /* default locale first: English (US) */
        anuser.localeCode = ""; /* locale code: form en_US */
        anuser.sessionTSStart = now();
        anuser.lastAccess = anuser.sessionTSStart;
        anuser.authCode = hash(anuser.identifier); /* used to access secure content/feeds without login */
        anuser.screenMode = "default"; /* can be used to set output format by selecting css */
        anuser.validDomain = application.assetnow.anxdomain(cgi.server_name);
        anuser.userCommentIDs = ""; /* track comments posted during session */
        /* authorize node ids, content ids access permissions for tools user */
        anuser.accessContent = structNew();
        anuser.accessNode = structNew();
        /* vars for tracking metrics */
        anuser.trackUser = true; /* false = exclude from analytics tracking set by exclude IPs setting param */   
        anuser.browser = userAgent(cgi.http_user_agent); /* detect browser - library function */
        anuser.browserSettings = userBrowser(cgi.http_user_agent); /* get browser type, version, OS */
        anuser.connectionType = 0; /* connection speed: 33, 56, 64, 128, 384, 768, 1500, 3000 - set on first session update if track cookie available */
        anuser.campaigns = 0; /* tracks campaigns with ids passed in request from url/form */
        anuser.cookieVisits = 0; /* repeat visitor tracking */
        anuser.cookieTSFirstVisit = anuser.sessionTSStart;                
        anuser.cookieTSLastVisit = anuser.sessionTSStart;        
        anuser.countryCode = "XX"; /* unknown */
        anuser.readOnlyNodeIDs = 0;
    </cfscript>
    <!--- get geolocation if enabled --->
    <cfif application.geoInit>
        <cfset anuser.countryCode = application.geoLocator.findCountry(cgi.remote_addr)/>
        <cfif len(anuser.countryCode) eq 0>
            <cfset anuser.countryCode =    "XX"/> <!--- XX = unknown/other code --->
        </cfif>
    </cfif>
    <!--- read tracking cookie --->
    <cfif structKeyExists(cookie,trackCookie)>
        <cftry>
            <cfset cookieList = decrypt(cookie[trackCookie],application.applicationName)/>
            <cfset anuser.cookieVisits = listGetAt(cookieList,1,"|") + 1/> <!--- visit count --->
            <cfset anuser.cookieTSFirstVisit = listGetAt(cookieList,2,"|")/> <!--- first visit timestamp --->                       
            <cfset anuser.cookieTSLastVisit = listGetAt(cookieList,3,"|")/> <!--- last visit timestamp --->
            <cfset anuser.cookieUUID = listGetAt(cookieList,4,"|")/> <!--- user uuid --->
            <cfcatch type="any">
                <cfset anuser.cookieVisits = 1/>
                <cfset anuser.cookieTSFirstVisit = now()/>
                <cfset anuser.cookieTSLastVisit = anuser.cookieTSFirstVisit/>
                <cfset anuser.cookieUUID = createUUID()/>
            </cfcatch>
        </cftry>
    </cfif>
    <!--- create/update tracking cookie, "repeat" visitor determined from stored last visit timestamp --->
    <cftry>
        <cfset cookieList = "#anuser.cookieVisits#|#anuser.cookieTSFirstVisit#|#now()#|#anuser.identifier#"/>
        <cfcookie name="#trackCookie#" value="#encrypt(cookieList,application.applicationName)#" expires="never"/>
        <cfcatch/>
    </cftry>
    <!--- get all anonymous, link access groups --->
    <cfquery name="q" username="#application.config.DSN_USERNAME#" password="#application.config.DSN_PASSWORD#" datasource="#application.config.DSN#">
        select gGroupID, gIdentifier, gRestrict, gAuthenticate
        from groups
        where gAuthenticate in (0,1)  <!--- anonymous, link access groups --->
        and (gStatus = 1 or (gStatus = 2 and #createODBCDateTime(dateAdd("n",application.config.SERVER_TIME_OFFSET_MINUTES,now()))# between gTSOn and gTSOff))
        <cfif application.geoInit> <!--- only apply location restrictions if geolocator available --->
            and gGroupID not in (select g.gGroupID
                                    from countries cy, groups g, groups_countries gc
                                    where cy.cyCountryID = gc.gcCountry_ID
                                    and g.gGroupID = gc.gcGroup_ID)
            or gGroupID in (select g.gGroupID
                                    from countries cy, groups g, groups_countries gc
                                    where cy.cyCountryID = gc.gcCountry_ID
                                    and g.gGroupID = gc.gcGroup_ID
                                    and cy.cyCountryCode = '#anuser.countryCode#')
        </cfif>
        order by gListOrder DESC;
    </cfquery>
    <!--- list of user authorized groups, used for global access permissions --->
    <cfloop index="i" from="1" to="#q.recordCount#">
        <!--- test for valid country --->
        <cfquery name="q2" username="#application.config.DSN_USERNAME#" password="#application.config.DSN_PASSWORD#" datasource="#application.config.DSN#">
            select cy.cyCountryCode
            from countries cy, groups g, groups_countries gc
            where cy.cyCountryID = gc.gcCountry_ID
            and g.gGroupID = gc.gcGroup_ID
            and g.gGroupID = #q.gGroupID[i]#;
        </cfquery>
        <!--- validate authenticated groups --->
        <cfif listLen(q.gRestrict[i]) eq 0 and q2.recordCount eq 0>
            <cfset anuser.authGroupIDs = listAppend(anuser.authGroupIDs,q.gGroupID[i])/>
        <cfelse>
            <cfset allowAccess = false/>
            <!--- IP address takes priority over country to grant access --->
            <cftry>
                <cfif listLen(q.gRestrict[i]) neq 0> <!--- test for valid IP address --->
                    <cfscript>
                        for (j=1; j lte listLen(q.gRestrict[i]); j=j+1) {
                            if (reFindNoCase(listGetAt(q.gRestrict[i],j),cgi.remote_addr)) allowAccess = true;
                        }
                    </cfscript>
                </cfif>
                <cfif allowAccess eq false and listFindNoCase(valueList(q2.cyCountryCode),anuser.countryCode) neq 0> <!--- test for valid country --->
                    <cfset allowAccess = true/>           
                </cfif>
                <cfcatch type="any">
                    <cfset allowAccess = false/> <!--- any errors then not valid auth access --->
                </cfcatch>
            </cftry>
            <cfif allowAccess>
                <cfset anuser.authGroupIDs = listAppend(anuser.authGroupIDs,q.gGroupID[i])/>
            </cfif>
        </cfif>
        <cfif q.gAuthenticate[i] eq 0> <!--- add anonymous authenticate groups --->
            <cfif listLen(q.gRestrict[i]) eq 0 and q2.recordCount eq 0> <!--- no IP access or country restriction --->
                <cfset anuser.userGroups = listAppend(anuser.userGroups,q.gIdentifier[i])/>
                <cfset anuser.userGroupIDs = listAppend(anuser.userGroupIDs,q.gGroupID[i])/>
                <!--- default group is first anonymous group --->
                <cfif anuser.defaultGroupID eq 0 and q.gGroupID[i] neq application.assetnow.everyoneGroupID>
                    <cfset anuser.defaultGroupID = q.gGroupID[i]/>
                </cfif>
            <cfelse>
                <cfset allowAccess = false/>           
                <!--- IP address takes priority over country to grant access --->
                <cftry>
                    <cfif listLen(q.gRestrict[i]) neq 0> <!--- test for valid IP address --->
                        <cfscript>
                            for (j=1; j lte listLen(q.gRestrict[i]); j=j+1) {
                                if (reFindNoCase(listGetAt(q.gRestrict[i],j),cgi.remote_addr)) allowAccess = true;
                            }
                        </cfscript>
                    </cfif>
                    <cfif allowAccess eq false and listFindNoCase(valueList(q2.cyCountryCode),anuser.countryCode) neq 0> <!--- test for valid country --->
                        <cfset allowAccess = true/>           
                    </cfif>
                    <cfcatch type="any">
                        <cfset allowAccess = false/> <!--- any errors then no access --->
                    </cfcatch>
                </cftry>
                <cfif allowAccess>
                    <cfset anuser.userGroups = listAppend(anuser.userGroups,q.gIdentifier[i])/>
                    <cfset anuser.userGroupIDs = listAppend(anuser.userGroupIDs,q.gGroupID[i])/>
                    <!--- default group is first anonymous group --->
                    <cfif anuser.defaultGroupID eq 0 and q.gGroupID[i] neq application.assetnow.everyoneGroupID>
                        <cfset anuser.defaultGroupID = q.gGroupID[i]/>
                    </cfif>
                </cfif>
            </cfif>
        </cfif>
    </cfloop>
    <!--- ensure valid lists for queries --->
    <cfif listLen(anuser.userGroups)eq 0>
        <cfset anuser.userGroups = anuser.identifier/>
    </cfif>
    <cfif listLen(anuser.userGroupIDs)eq 0>
        <cfset anuser.userGroupIDs = 0/>
    </cfif>
    <cfif listLen(anuser.authGroupIDs)eq 0>
        <cfset anuser.authGroupIDs = 0/>
    </cfif>
    <!--- store user data in session --->
    <cfset session.anuser = anuser/>
</cffunction>
</cfcomponent>

Any idea what could be wrong??

Thanks in advance

First ... that's a lotta' code. But from a quick glance, my question is where is this component called/instantiated? I'm assuming session management is properly enabled, yes?

<cfset session.anuser = anuser/>
</cffunction>
</cfcomponent>

That's kindof breaking encapsulation though..

my hosting said the session management is enabled on the server, and im enabling at Application.cfc with <cfset this.sessionManagement = true/>

the components its called in other file like this:

<cfif session.anuser.userID neq 0>
	<cfset httpHeaders = GetHttpRequestData().headers/>
	<!--- TBD: no prefetching content (Google/Firefox) for signed-in users --->
	<cfif structKeyExists(httpHeaders,"X-moz") and httpHeaders["X-moz"] eq "prefetch">
		<cfheader statuscode="403" statustext="Forbidden"/> <!--- http://www.w3.org/Protocols/rfc2616/rfc2616.html --->
		<cfabort/>
	</cfif>
</cfif>

But now, i dont know what else should i do, it works fine on my localhost im doing test on CF8 while im downloading the CF9 ( the hosting use it).

<cfset session.anuser = anuser/>
</cffunction>
</cfcomponent>

That's kindof breaking encapsulation though..

And about the encapsulation, yeah you are right, i actually paid for this site a long ago and know that i have some programming knowledge im trying to learn CF so i could do some improves to the site in the future, i guess i will need to repair those kind of things.

Thanks in advance for help :D

my hosting said the session management is enabled on the server, and im enabling at Application.cfc with <cfset this.sessionManagement = true/>

But where and when is the component itself called? Usually you'd have something like this somewhere.

<cfinvoke component="YourComponent" method="init" ...> ... or
<cfset obj = createObject("component", "YourComponent")>

If it's only a problem with CF8, then yeah trying it with CF9 is a good idea.

Yes, is on the onSessionStart:

<!--- user object and default to public/anonymous role and locale --->
			<cfinvoke component="#application.config.CFCOMPONENTS_PREFIX#.framework.anusersession" method="init"/>

I have been doing some tests and it looks like the server configuration doesnt allow to use methods from component ( is that possible?).

Only methods on the same file =s.... Does that make any sense at all ? Dont know much about the CFAppServer

I have been doing some tests and it looks like the server configuration doesnt allow to use methods from component ( is that possible?).

Only methods on the same file =s.... Does that make any sense at all ? Dont know much about the CFAppServer

I've never heard of anything like that. Usually shared hosts disable entire options, like createObject("java"). I've never heard about disabling individual portions of cfinvoke.