Hi. I have a really weird problem here that is hard to summarize, so I am just going to ask anyone if they've had anything even vaguely like this, since that might help me know where to look. I have a sign-in and registration system on my intranet site. Here is the system: a user registers, creating an Oracle user record. They sign-in, and a cookie is dropped on their machine with their a unique ID for accessing the Oracle record. The Application.cfm file checks the cookie, runs it against the database, tests a bunch of things, and sets some session variables that say who is used in, their unique ID, their name, and some other stuff. From then until the session variables expire, all pages check session variables first to determine user state. This allows me quick access to all the data in the session variables without having to store it in the limited space of cookies and without having to re-run all of the testing that is run when the session variables are not yet set. Here is where things get weird. This thing had been running fine for a year or so with over 10,000 active users, when suddenly I started getting reports of what I now call the "username switch problem". John Smith would be logged in, come to a page on the site and see the name Amanda Jones in the username display on the sidebar of the site. Sometimes, it seems (although this was very hard to track), Amanda Jones would at the same time see her name changed to John Smith. I think that there may have been three-way switches, where three users essentially rotated names. I have patched this by setting logic that checks the current user ID against the cookie user ID. If it finds a mismatch, it re-runs the initial checking and resets all the session variables. I have, since creating that patch, gone about a year without any more reports of problems. Yes, I know, I should have fixed the problem, but as things are always a rush, it always got pushed to the back burner. Now it has reared its ugly head again. I have no idea why this is happening. Bottom line: the session variables for one user are suddenly getting swapped for the session variables of another user, all in mid-session. I believe that all of the session variable reads/writes are properly locked, and--in any case--it strikes me as odd that the errors would so cleanly swap several session variables rather than swapping just some of it and causing errors. If I had to guess, I would say that it seems like the CFID and CFTOKEN of two users get swapped, so that the server simply recognizes each as the other, but that's a wild guess that I can't prove. Does anyone recognize this kind of behavior at all? Any ideas where I might look for a solution? Thanks, Matthieu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=38 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:182625 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
