Are you able to force users to use cookies? If so, you might try checking for the existence of session tokes in the url, and destroy them before calling cfapplication.
I think you need to try preventing the usage of cfid and cftoken by url :) But I don't know if you are able to do that in your current situation. Micha Schopman Software Engineer Modern Media, Databankweg 12 M, 3821 AL Amersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- Modern Media, Making You Interact Smarter. Onze oplossingen verbeteren de interactie met uw doelgroep. Wilt u meer omzet, lagere kosten of een beter service niveau? Voor meer informatie zie www.modernmedia.nl ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- -----Original Message----- From: Martin Parry [mailto:[EMAIL PROTECTED] Sent: woensdag 26 januari 2005 13:15 To: CF-Talk Subject: RE: Sessions being show to wrong users? Hi Kevin - Long time no speak... We have a nightmare at the moment with a large motor dealership who are having this problem.. To alleviate it, I add the following to the headers to make sure firewalls/proxies aren't caching. Although I couldn't do this on a web site of course. <!--- Push a nocache into HTML header ---> <cfparam name="request.nocachesent" default="false"> <cfif NOT request.nocachesent> <cfhtmlhead text="<meta http-equiv=""Pragma"" content=""no-cache"">"> <cfheader name = "Expires" value = "Tue, 20 Aug 1996 00:00:00 gmt"> <cfheader name = "Pragma" value = "no-cache"> <cfheader name = "Cache-Control" value = "private, no-cache, must-revalidate"> <cfset request.nocachesent = true> </cfif> This is compounded by the poorly written code I inherited which also passes around CFID and CFTOKEN in an encrypted URL. Problem being that if you went in from scratch with a new session it's OK. However, people had been sent a bookmark with the encrypted string already in it (including CFID and CFTOKEN) so when they go to their home page it immediately tries to resume the old session.. Tricky old thing to track down and it can be quite a p.i.t.a. - I suggest you look at your web stats and see what the top entry pages are (as long as it shows URI information) Martin Parry Macromedia Certified Developer http://www.BeetrootStreet.co.uk -----Original Message----- From: Kevin Roche [mailto:[EMAIL PROTECTED] Sent: 26 January 2005 09:06 To: CF-Talk Subject: RE: Sessions being show to wrong users? Hi, In the past I have seen the following acuse this problem:....... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:191782 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
