At 07:55 PM 5/31/00 -0500, Michael Grundvig wrote:
>...
>Now here is the problem; We released this to the public yesterday. It seems
>to work great, but early this morning the errors rolled in. LOTS OF EM.
>After some diagnosing, we determined all the errors were related to one
>problem, session variables. To protect information (specifically employee
>numbers) we pass them via session variables. On every page, we run queries
>against Sybase to pull their name, information, etc. Now the problem is that
>people are "jumping" sessions. So user A will see user B information. It
>seems consistent, so you don't switch users from page to page, maybe once in
>the session, but from then on, you remain this other user. When we first saw
>this problem, we attempted reducing the session timeout to no avail. The
>sessions are all locked already and it is not experiencing any real load. We
>are running Solaris with Netscape Enterprise Server and Cold Fusion 4.0
>installed on the same box. The database is a massive Sybase system running
>on its own environment. Sessions are being done without URL variables. This
>is the ONLY thing we are storing in the session variable. This is a real
>concern and it's very important that we solve this as some people in the
>company are already fighting against Cold Fusion in favor of Java and this
>error makes CF look awful as it was a high profile failure. I contacted
>Allaire only to be told to open a ticket and have posted a message on the
>forums with a few responses but no solutions. Any help would be greatly
>appreciated!

Here's an idea I picked up from this list.  When you initialize your
session, do this:

        <cfset session.remote_addr = cgi.remote_addr>

Then, in application.cfm, add this:

        <cfif isDefined("session.remote_addr") AND cgi.remote_addr NEQ session.remote_addr>
           <!--- SESSION JUMP, handle it however you want --->
        </cfif>

This may help you pinpoint the problem.  However, it may also cause other
problems; note the following from Michael Sheldon:

>Some proxy servers, most notably AOL's, will rotate through several IP
>addresses in a single session. The worst I've seen so far was an AOL user
>whose requests came from 15 different IP addresses in 15 consecutive requests.

If you can determine any more details about when this is happening, please
post.

Gregory M. Saunders, Ph.D.
Senior Design Architect
Cognitive Arts Corporation (http://www.cognitivearts.com)
120 S. Riverside Plaza, Suite 1520
Chicago, IL 60606
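
Added example, not part of the original message and not ColdFusion or Allaire code: an offline triage of per-request records that separates the reported "jump" pattern from the proxy rotation Michael Sheldon describes. It assumes application.cfm writes one line per request as `<time> <session id> <cgi.remote_addr>`; that log format, the verdict names and the `rotation_min` threshold are hypothetical, and the classification is a heuristic.

```python
from collections import defaultdict

# Constructed sample lines: "<time> <session id> <cgi.remote_addr>".
SAMPLE_LOG = """\
08:00:01 S-A 192.0.2.10
08:00:05 S-B 192.0.2.20
08:00:09 S-C 198.51.100.1
08:00:12 S-A 192.0.2.10
08:00:15 S-C 198.51.100.2
08:00:19 S-B 192.0.2.10
08:00:21 S-C 198.51.100.3
08:00:25 S-B 192.0.2.10
08:00:30 S-D 203.0.113.7
08:00:31 S-D 203.0.113.8
"""

def classify_sessions(log_text, rotation_min=3):
    """Return {session_id: (verdict, detail)} for every session in the log."""
    seen = defaultdict(list)          # session -> addresses in request order
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                  # skip blank or malformed lines
        _, session_id, addr = parts
        seen[session_id].append(addr)

    # Address each session was created from (what session.remote_addr holds).
    origin = {sid: addrs[0] for sid, addrs in seen.items()}
    owners = defaultdict(set)         # address -> sessions created from it
    for sid, addr in origin.items():
        owners[addr].add(sid)

    result = {}
    for sid, addrs in seen.items():
        foreign = sorted(set(addrs) - {origin[sid]})
        if not foreign:
            result[sid] = ("stable", [])
            continue
        # A foreign address that created a different session: one client is
        # now presenting someone else's session, the pattern in the report.
        crossed = sorted(s for a in foreign for s in owners[a] if s != sid)
        if crossed:
            result[sid] = ("jump_suspect", crossed)
        elif len(set(addrs)) >= rotation_min:
            result[sid] = ("proxy_rotation_likely", foreign)
        else:
            result[sid] = ("address_changed", foreign)
    return result
```

Clients that share one outbound address (NAT or a common proxy) can also produce a `jump_suspect` verdict, so treat it as a lead to correlate with what the user actually saw.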