> Yup. I've read so much CF DOC about sessions that I am get dizzy. > I can't figure this out. How in the world would a user in one > location get > the identity of a user at another location?
It comes down to identification done either by jsessionid or cfid and cftoken.... Do you use CFTOKEN and CFID in the URL? Could one be accidentally hardcoded somewhere? Could a proxy server be caching the URL of a request somehow? If not, is there anyway that the cookies are being shared (ie my last suggestion about network storage of cookies)? Can't help much on the jsessionid as never used it :) -- dc ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:201715 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
