Are you passing round the CFID and CFTOKEN in the URL?

If so, make sure nowhere links to your site with those tokens in the link - if 
two people click on the link within 20 minutes of each other (or whatever your 
session timeout is), they will share a session.

We used to have this problem with search engines on the Internet. They would 
index our site with the CFID and CFTOKEN intact and, as the site grew more 
popular, people clicking through the same link on the search engines would be 
sharing the same session. As you can imagine, this was quite an embarrassment.

Now I only use the tokens in the URL if they are behind a POSTed log in box.

Ian
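
One way to check a web server access log for the situation described above, as an added example that is not part of the original post: it flags requests whose URL carries CFID/CFTOKEN and whose Referer is another site, and token pairs presented by more than one client address. The combined log format, the host name `www.mysite.example` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not from the original post).
SAMPLE_LOG = '''\
198.51.100.7 - - [10/Jan/2005:10:00:01 +0000] "GET /index.cfm?CFID=1201&CFTOKEN=55512345 HTTP/1.1" 200 5120 "http://search.example/results?q=widgets" "Mozilla/4.0"
203.0.113.9 - - [10/Jan/2005:10:04:40 +0000] "GET /index.cfm?CFID=1201&CFTOKEN=55512345 HTTP/1.1" 200 5120 "http://search.example/results?q=widgets" "Mozilla/4.0"
192.0.2.44 - - [10/Jan/2005:10:05:02 +0000] "GET /cart.cfm?cfid=1377&cftoken=90817263 HTTP/1.1" 200 2048 "http://www.mysite.example/index.cfm" "Mozilla/4.0"
192.0.2.44 - - [10/Jan/2005:10:06:10 +0000] "GET /about.cfm HTTP/1.1" 200 1024 "-" "Mozilla/4.0"
'''

# client IP, request target and Referer from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "([^"]*)"')

def find_token_leaks(log_text, own_host):
    """Return (external_hits, shared) for CFID/CFTOKEN pairs found in request URLs."""
    clients = defaultdict(set)   # (cfid, cftoken) -> client IPs that presented it
    external = []                # (ip, token pair, referer host) for off-site referers
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, referer = m.groups()
        # Match the parameter names regardless of case.
        qs = {k.lower(): v[0] for k, v in parse_qs(urlsplit(target).query).items()}
        if "cfid" not in qs or "cftoken" not in qs:
            continue
        pair = (qs["cfid"], qs["cftoken"])
        clients[pair].add(ip)
        ref_host = urlsplit(referer).hostname   # None for "-" (no Referer sent)
        if ref_host and ref_host != own_host:
            external.append((ip, pair, ref_host))
    # A pair seen from several addresses within the timeout means a shared session.
    shared = {pair: sorted(ips) for pair, ips in clients.items() if len(ips) > 1}
    return external, shared

if __name__ == "__main__":
    external, shared = find_token_leaks(SAMPLE_LOG, "www.mysite.example")
    for ip, pair, host in external:
        print(f"token {pair} arrived via off-site link on {host} (client {ip})")
    for pair, ips in shared.items():
        print(f"token {pair} presented by multiple clients: {ips}")
```

Clients behind a proxy or NAT share an address, so treat the multiple-client result as a lead to confirm against the session timeout window rather than as proof.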
