Howdy,

Over the past couple days I've had several instances of members of my site
seeing account information of other members.  

I have a members-only service to which visitors log in with a user name and
password.  I keep track of the visitor's identity and membership status with
client variables referenced to cftoken and cfid either in a cookie or in a
url.variable for those running without cookies.

We've been up for about two years and never had this type of issue before
the last week or so.  The only event I can come up with that roughly
correlates to the onset of the issue is a period last week of higher than
usual traffic that caused Cluster Cats to load-balance a lot of folks to our
backup server.

The best I've been able to come up with is something along the lines of User
1 comes in to Server 1 and gets assigned to Session A.  User 2 comes in to
the backup, Server 2, which keeps its own session count and gives User 2
Session A.  User 2 then returns to the site during a period of less
activity, is identified by Server 1 as Session A and is associated with User
1.

Makes sense?  Of course not.  The client variables are stored in a single
central db used by both servers.  So even if someone was redirected to a
backup server mid-session, the system should keep their identity straight.
(I've since enabled session-aware load management in Cluster Cats.)

Any ideas?  While we don't have anything as critical as credit card data online,
this is a very not good thing to have happen.

BTW, running CF 4.0.1 on NT4 SP5 with Cluster Cats build 356, MS SQL7 SP2

TIA!!


Sean G.