Michael, this is a little confusing but it is not the whole of the Session Vars that are stored in the cookie just the bit that refers/ties the user to them (CFID- CFTOKEN). We have had Session var issues similar to this before and setting setclientcookies="Yes" clientstorage="Cookie" has cured the issue.
Kind Regards - Mike Brunt, CTO Webapper http://www.webapper.com Downey CA Office 562.243.6255 AIM - webappermb "Webapper - Making the NET work" -----Original Message----- From: Michael Kear [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 29, 2002 10:28 AM To: CF-Talk Subject: RE: Losing session information .. any ideas why? No, we don't delete them anywhere. It's used for granting access to people who've paid for a week or more access to a part of the site. There are lots of vars kept and I'd be reluctant to keep them all on the user's machine in a cookie. That's a security problem, as users can change the content of their cookies. I'd rather just use the cookies to identify them and get their details out of our database. You don't think that'll work? Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks -----Original Message----- From: Mike Brunt [mailto:[EMAIL PROTECTED]] Sent: Monday, 30 September 2002 3:13 AM To: CF-Talk Subject: RE: Losing session information .. any ideas why? Michael, is there anywhere on the CF part of your site where you are deleting Session vars are you just relying on the Timespan. Also where are you creating the Session vars and are you checking if they already exist before you create them? Just some pointers to check. You might also want to change your client storage to this setclientcookies="Yes" clientstorage="Cookie", this actually may be the main issue. Kind Regards - Mike Brunt, CTO Webapper http://www.webapper.com Downey CA Office 562.243.6255 AIM - webappermb "Webapper - Making the NET work" -----Original Message----- From: Michael Kear [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 29, 2002 9:44 AM To: CF-Talk Subject: Losing session information .. any ideas why? Does anyone have any idea why some client sessions disappear when my users move to non-coldfusion parts of my site? This is not happening with all users, but is particularly true of users who are using Symantec's personal firewall. (They are definitely accepting cookies, because when a user complains about not being given access, we insist they accept cookies before we'll write up their issue as a problem) My application tag is as follows: <cfapplication name="CFcalcs" clientmanagement="Yes" sessionmanagement="Yes" setclientcookies="Yes" sessiontimeout="#CreateTimeSpan(0,1,0,0)#" clientstorage="CFClientVariables"> I can see sessions being created in the datasource, but if the user goes off to another part of the site, that is not under coldfusion control - (.asp and .html pages) when they come back to the cold fusion pages, their client vars don't exist. Also, of course what can I do about this problem? Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
