Terry, Yes, the users who are timing out still have valid cookies. We have built in some logging code that grabs as much information as possible from the users who are timed out prematurely, and every time they have values for the CFID, CFTOKEN, and JSESSIONID cookies.
At this point, putting anything into the URL is not an option. The site is huge and this would require lots of changes to resolve a problem that only a fraction of the user base is experiencing. In addition, I believe that throwing the session info in the URL is much less secure. We've noted this as a "worst case scenario" solution but hope to find out a better way of fixing this problem. Thanks for your feedback! -----Original Message----- From: Bader, Terrence C CTR MARMC, 231 [mailto:[EMAIL PROTECTED] Sent: Thursday, April 05, 2007 9:02 AM To: CF-Talk Subject: RE: Session timeout problems "From what we've found, the CFID, CFTOKEN, and JSESSIONID are all still valid cookies on the user side." - on the users having the issue and not just local been working users? just checking and have you tried just putting them in the url string for all your links. been awhile since I had to think about that, but if im not mistaken, that should avoid cookie problems all together. ~Terry -----Original Message----- From: Jason Dunaway [mailto:[EMAIL PROTECTED] Sent: Thursday, April 05, 2007 7:41 To: CF-Talk Subject: Session timeout problems Hi all, I'm having trouble with sessions timing out randomly. I have 2 days to get a fix together for this problem so any help is greatly appreciated. Here are the specifics: The website in question is heavily based upon user information. We designed a "user" component that is loaded in the session scope when the user logs in. This component contains all of the user's information as well as methods dealing with the user's information. In the site's main application.cfm, we are checking to verity that "session.userdata" is defined in order to access any page. If that variable is not defined, then we direct the user to a "session timeout" page that requires them to log back in. Our goal is to have the session timeout be set at 2 hours. We've made sure that, on the coldfusion server admin end, everything is setup to 2hrs. In the application.cfm page, we're setting the application up like this: <cfapplication name="test" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,2,0,0)#" setclientcookies="yes"> OK, so in theory this should be fine. Well, not so much. Most (like 90% or more) of our users DO NOT have any issues. They stay logged in for the 2 hours without any problems. In fact, we are unable to duplicate the problem but have confirmed that it's happening with some users. Every time the view a page the timer is reset and all is well. Well for quite a few users we are seeing that their sessions are timed out randomly, ranging from 3 minutes all the way to 117 minutes! It is very strange. The site is on a cluster (2 servers), so we assumed that the "sticky" is not working correctly. Proxy server stuff also has been considered. We've taken all of the steps necessary to eliminate both possibilities.....we're now running on 1 server and making sure that no pages are cached by remote proxies. I've been researching how coldfusion manages sessions. We are gathering as much data as we can when the timeout occurs. From what we've found, the CFID, CFTOKEN, and JSESSIONID are all still valid cookies on the user side. For whatever reason the session scope variables are being wiped out randomly. There has been no pattern to this, it's completely random and the data collected is not pointing in any one direction. If you have any advice, please respond. I've spent a lot of time recently trying to chase down this problem and I'm getting very annoyed by it. I would sincerely appreciate any input. We are using CFMX 6.1. Any questions about what I've posted please let me know and I'll do my best to answer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274579 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
