I ran into a similar issue with one of our intranets here. If you
aren't already, use UUID for cftoken. We were only seeing this issue in
the training labs when a bunch of people were logged in on the same
part of the network and UUID seemed to prevent the SESSION steals.

-Adam

----- Original Message -----
From: Burns, John D <[EMAIL PROTECTED]>
Date: Tue, 28 Sep 2004 13:56:25 -0400
Subject: Session swapping
To: CF-Talk <[EMAIL PROTECTED]>

We have an internet application running on CFMX hosted locally.  Our
clients (on a Navy base) are running machines that are restricted by
NMCI (Navy-Marine Corps Intranet) and they're using a NAT Proxy Server
that all of the users are behind.  They just recently got moved to this
new system and we noticed an odd problem with this application.  Two
users sitting at separate machines will pull up the website and go to
the login page.  Once logged in, they will suddenly both be logged in as
the same person and the CFID and CFTOKEN in the URL are the same.  We're
trying to figure out what's causing this problem and how to fix it.
We're meeting with the network team in charge of the NAT Proxy but we're
all expecting an "it's not our problem" response.  Can anyone give more
info on how CF assigns CFID and CFTOKEN and how we might be able to code
against this?  Any users with experience with NMCI issues would be
especially helpful.  Thanks for your time.

John Burns