Hello, I have a login script on my site. It sets up a small series of session variables.
I am running CF 5, patched, on a very new server, with ample memory and CPU. The server is hardly loaded, according to stats. This script was written about two years ago, and has not changed. Session information is stored in session variables. Very recently, a few visitors to my site arrive at the site and appear to be logged in as other member's of the site. Some of them may not even log in. I have restarted the cold fusion service. This problem still persists. It appears that session variables are bleeding across to other sessions on the site. I have started doing logging based on IP when initially logged in, and the IP as they browse from page to page. I have found in a few instances, the IP from the login, and the IP accessed via cgi aren't even from the same subnet. These are always the sessions that have the wrong information. Has anyone seen this problem? Thank you - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:191716 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
