Micha, I once had the *exact* problems Martin described, and they were due to a badly configured proxy server caching the page:
customer A visits the site and requests a page with session specific information. The proxy caches this page. Customer B visits the site and requests the same page. The proxy returns customer A's version of the page from its cache to customer B. If these instructions stop the proxy from caching the page in the first place, then it will always request a fresh page from your server. Session management is not black magic, it's very well understood and CF does it reasonably well. If you have a situation where users seem to be "sharing" sessions and all the users who experience this problem are behind the same proxy or firewall, then occam's razor tells us that it is more likely to be a misconfigured proxy than some deeply hidden bug in CF. Try using the tags and calling the proxy administrator to flush the cache on his side. /t >-----Original Message----- >From: Micha Schopman [mailto:[EMAIL PROTECTED] >Sent: Wednesday, January 26, 2005 3:23 PM >To: CF-Talk >Subject: RE: Sessions being show to wrong users? > >These headers only prevent the proxy server from creating a cached >version. They do not prevent a user behind a proxy, from visiting the >website with the same session tokens :) > >The only way is to separate users, be denying a clone to use >the service >with the same tokens, or by identifying clones with clone specific data >(cookies). :) > >Micha Schopman >Software Engineer > >Modern Media, Databankweg 12 M, 3821 AL Amersfoort >Tel 033-4535377, Fax 033-4535388 >KvK Amersfoort 39081679, Rabo 39.48.05.380 > >--------------------------------------------------------------- >--------- >--------------------------------------------------------------- >--------- >----- >Modern Media, Making You Interact Smarter. Onze oplossingen verbeteren >de interactie met uw doelgroep. >Wilt u meer omzet, lagere kosten of een beter service niveau? Voor meer >informatie zie www.modernmedia.nl >--------------------------------------------------------------- >--------- >--------------------------------------------------------------- >--------- >----- > >-----Original Message----- >From: RADEMAKERS Tanguy [mailto:[EMAIL PROTECTED] >Sent: woensdag 26 januari 2005 15:11 >To: CF-Talk >Subject: RE: Sessions being show to wrong users? > >Martin, > >Try this: > ><cfheader name="Cache-Control" value="no-store"> ><cfheader name="Cache-Control" value="no-cache"> > >/t > >>-----Original Message----- >>From: Martin Parry [mailto:[EMAIL PROTECTED] >>Sent: Wednesday, January 26, 2005 2:18 PM >>To: CF-Talk >>Subject: RE: Sessions being show to wrong users? >> >>Yes, I like that !! But... If the user's coming from behind a >>proxy all >>you see is a single IP address as they're using NAT. It should reduce >>his problem somewhat though. >> >>Martin Parry >>Macromedia Certified Developer >>http://www.BeetrootStreet.co.uk >> >> >>-----Original Message----- >>From: Micha Schopman [mailto:[EMAIL PROTECTED] >>Sent: 26 January 2005 12:50 >>To: CF-Talk >>Subject: RE: Sessions being show to wrong users? >> >>Oh, and another option, lock the session to the IP address of the >>visitor. >> >> >> > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:191807 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
