We have discovered that some of our users--not all--are somehow getting
another user's CFID/CFTOKEN.

Our setup:  CF5/Win2K/IIS5, two apps, each in a 2-server cluster, each in
the same domain: i.e., app1.domain.com and app2.domain.com, storing client
variables in a database.  We were using CFAPPLICATION with the
SETDOMAINCOOKIES="YES" but have disabled it.  But the domain cookie that was
created still exists with the old CFID/CFTOKEN and we can't get rid of it.
It appears that users with the domain-level cookie are getting assigned old
CFID/CFTOKEN each time they log back in, and if a session with the same
CFID/CFTOKEN exists, they are getting the existing user's data.

We thought we could fix this by deleting the domain cookie to force a new
session but we have been unable to manually expire the domain cookie with
CFCOOKIE.

Any ideas?  We're desperate!

Thanks,
Chris
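
Added example (not part of the original post, and not ColdFusion's own code): a minimal Python model of browser cookie storage, showing that a cookie set with a Domain attribute is stored separately from a host-only cookie of the same name and is removed only by an expiring Set-Cookie that carries the same Domain and Path. The hostnames are the post's; the CFID values, the path "/" and the BrowserJar class are constructed for illustration, and RFC 6265 storage rules are assumed.

```python
# Added example: a minimal model of browser cookie storage (RFC 6265 rules assumed).
class BrowserJar:
    def __init__(self):
        self.store = {}  # (name, domain, path) -> (value, host_only)

    def set_cookie(self, request_host, name, value, domain=None, path="/", expire=False):
        """Apply one Set-Cookie header received in a response from request_host."""
        if domain:
            cookie_domain, host_only = domain.lstrip(".").lower(), False
            # A server may only set cookies for its own host or a parent domain.
            if request_host != cookie_domain and not request_host.endswith("." + cookie_domain):
                return
        else:
            cookie_domain, host_only = request_host, True
        key = (name, cookie_domain, path)
        if expire:
            self.store.pop(key, None)  # deletes only the exactly matching entry
        else:
            self.store[key] = (value, host_only)

    def sent_to(self, host, name):
        """Values of every stored cookie called `name` that is sent to host (path "/" only)."""
        values = []
        for (n, d, _path), (value, host_only) in self.store.items():
            if n == name and (host == d or (not host_only and host.endswith("." + d))):
                values.append(value)
        return values


def demo():
    jar = BrowserJar()
    # Constructed values: leftover domain-level cookie, then a fresh host-only one.
    jar.set_cookie("app1.domain.com", "CFID", "1001", domain=".domain.com")
    jar.set_cookie("app2.domain.com", "CFID", "2002")
    before = jar.sent_to("app2.domain.com", "CFID")
    # Expiring without a Domain attribute removes only the host-only entry.
    jar.set_cookie("app2.domain.com", "CFID", "", expire=True)
    after_host_only_expiry = jar.sent_to("app2.domain.com", "CFID")
    # Expiring with the same Domain (and Path) removes the domain-level entry.
    jar.set_cookie("app2.domain.com", "CFID", "", domain=".domain.com", expire=True)
    after_domain_expiry = jar.sent_to("app2.domain.com", "CFID")
    return before, after_host_only_expiry, after_domain_expiry


if __name__ == "__main__":
    print(demo())
```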
