>Hello, >I have a login script on my site. It sets up a small series of session >variables. > >I am running CF 5, patched, on a very new server, with ample memory and >CPU. The server is hardly loaded, according to stats. > >This script was written about two years ago, and has not changed. > >Session information is stored in session variables. > >Very recently, a few visitors to my site arrive at the site and appear >to be logged in as other member's of the site. Some of them may not >even log in. I have restarted the cold fusion service. >This problem still persists. > >It appears that session variables are bleeding across to other sessions >on the site. > >I have started doing logging based on IP when initially logged in, and >the IP as they browse from page to page. I have found in a few >instances, the IP from the login, and the IP accessed via cgi aren't even from >the same subnet. These are always the sessions that have the wrong >information. > >Has anyone seen this problem? > >Thank you -
can you post some code - showing how the session variables are set and read? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:191753 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
