I'm sorry Jason that I can't solve your problem but I'd suggest you look 
into increasing your server memory possibly as well as looking at your 
CF Administrator settings.  Also verify that you are locking the call to 
the session with cflock.  I try to do this only once in the 
application.cfm file so there aren't multiple cflocks on every page that 
you reference it.  Best of luck!

I don't use sessions anymore...

I had similar problems with sessions back in CF5.0.  I figured it was 
either a server memory issue or a client proxy or browser brand/version 
issue.

I decided to stick with session-level cookies and have never looked back 
since.  They seem to always work.  I set cookies with no timeout so 
they expire when they close their browser.

I understand that sometimes for maybe security reasons you want to time 
them out in theory but is it really that much more secure?  Two hour 
timeouts would mean that they can leave for lunch and come back and 
continue which kind of defeats the purpose of having a timeout to begin 
with doesn't it?  Half-hour is better but still not something I'd 
consider secure.  I might employ sessions on a banking application but I 
wouldn't like doing it because of my historical experience with sessions 
to date.

I'd be interested in hearing other opinions on when is the best time to 
use a session versus a session-level cookie.  I still have colleagues 
who use sessions and occasionally I hear them complaining about a client 
timing out and losing all their form data or edit session.  Timeouts to 
a customer is one of the most frustrating things to deal with and it 
gives them a real good reason to leave.  Also, if you have never had 
problems with unexplainable session timeouts in your applications please 
chime in.  I might have more faith in them!  :)

Vince




Jason Dunaway wrote:
> Terry,
>
> Yes, the users who are timing out still have valid cookies.  We have
> built in some logging code that grabs as much information as possible
> from the users who are timed out prematurely, and every time they have
> values for the CFID, CFTOKEN, and JSESSIONID cookies.  
>
> At this point, putting anything into the URL is not an option.  The site
> is huge and this would require lots of changes to resolve a problem that
> only a fraction of the user base is experiencing.  In addition, I
> believe that throwing the session info in the URL is much less secure.
> We've noted this as a "worst case scenario" solution but hope to find
> out a better way of fixing this problem.    
>
> Thanks for your feedback!
>
> -----Original Message-----
> From: Bader, Terrence C CTR MARMC, 231
> [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, April 05, 2007 9:02 AM
> To: CF-Talk
> Subject: RE: Session timeout problems
>
> "From what we've found, the CFID, CFTOKEN, and JSESSIONID are all still
> valid cookies on the user side."  - on the users having the issue and
> not
> just local been working users?  just checking
>
> and have you tried just putting them in the url string for all your
> links.
> been awhile since I had to think about that, but if I'm not mistaken,
> that
> should avoid cookie problems all together.
>
> ~Terry 
>
> -----Original Message-----
> From: Jason Dunaway [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, April 05, 2007 7:41
> To: CF-Talk
> Subject: Session timeout problems
>
> Hi all,
>
> I'm having trouble with sessions timing out randomly.  I have 2 days to
> get
> a fix together for this problem so any help is greatly appreciated.
> Here
> are the specifics:
>
> The website in question is heavily based upon user information.  We
> designed
> a "user" component that is loaded in the session scope when the user
> logs
> in.  This component contains all of the user's information as well as
> methods dealing with the user's information.  
>
> In the site's main application.cfm, we are checking to verify that
> "session.userdata" is defined in order to access any page.  If that
> variable
> is not defined, then we direct the user to a "session timeout" page that
> requires them to log back in.  Our goal is to have the session timeout
> be
> set at 2 hours.  We've made sure that, on the coldfusion server admin
> end,
> everything is setup to 2hrs.  In the application.cfm page, we're setting
> the
> application up like this:
>
> <cfapplication name="test" sessionmanagement="yes"
> sessiontimeout="#CreateTimeSpan(0,2,0,0)#" setclientcookies="yes">
>
> OK, so in theory this should be fine.  Well, not so much.  Most (like
> 90% or
> more) of our users DO NOT have any issues.  They stay logged in for the
> 2
> hours without any problems.  In fact, we are unable to duplicate the
> problem
> but have confirmed that it's happening with some users.  Every time they
> view
> a page the timer is reset and all is well.  Well for quite a few users
> we
> are seeing that their sessions are timed out randomly, ranging from 3
> minutes all the way to 117 minutes!  It is very strange.  
>
> The site is on a cluster (2 servers), so we assumed that the "sticky" is
> not
> working correctly.  Proxy server stuff also has been considered.  We've
> taken all of the steps necessary to eliminate both
> possibilities.....we're
> now running on 1 server and making sure that no pages are cached by
> remote
> proxies.
>
> I've been researching how coldfusion manages sessions.  We are gathering
> as
> much data as we can when the timeout occurs.  From what we've found, the
> CFID, CFTOKEN, and JSESSIONID are all still valid cookies on the user
> side.
> For whatever reason the session scope variables are being wiped out
> randomly.  There has been no pattern to this, it's completely random and
> the
> data collected is not pointing in any one direction.  
>
> If you have any advice, please respond.  I've spent a lot of time
> recently
> trying to chase down this problem and I'm getting very annoyed by it.  I
> would sincerely appreciate any input.  We are using CFMX 6.1.
>
> Any questions about what I've posted please let me know and I'll do my
> best
> to answer.  
>
>
>
>
>
> 
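
An added example, not code from any poster in this thread: the session.userdata check from the original question, done once in Application.cfm under a read-only cflock as suggested above, with a log entry that records whether the CFID/CFTOKEN cookies are present and match the session when userdata is missing. The log file name and the /session_timeout.cfm and /login.cfm paths are assumptions.

```cfml
<!--- Application.cfm (added example). The cfapplication attributes and
      session.userdata come from the thread; every other name is an assumption. --->
<cfapplication name="test" sessionmanagement="yes"
    sessiontimeout="#CreateTimeSpan(0,2,0,0)#" setclientcookies="yes">

<!--- Touch the session scope once per request, under a read-only lock,
      and copy what the rest of the request needs into local variables. --->
<cfset loggedIn = false>
<cfset cookieMatchesSession = false>
<cflock scope="session" type="readonly" timeout="10" throwontimeout="yes">
    <cfset loggedIn = StructKeyExists(session, "userdata")>
    <cfif StructKeyExists(cookie, "CFID") AND StructKeyExists(cookie, "CFTOKEN")
          AND StructKeyExists(session, "CFID") AND StructKeyExists(session, "CFTOKEN")>
        <!--- A mismatch means the browser's cookies point at a different
              session than the one this request was given. --->
        <cfset cookieMatchesSession = (cookie.CFID EQ session.CFID)
                                      AND (cookie.CFTOKEN EQ session.CFTOKEN)>
    </cfif>
</cflock>

<!--- Pages that must stay reachable without a login (hypothetical paths);
      skipping them avoids a redirect loop. --->
<cfset publicPages = "/login.cfm,/session_timeout.cfm">

<cfif NOT loggedIn AND NOT ListFindNoCase(publicPages, cgi.script_name)>
    <!--- Log what separates the cases (cookie missing, cookie present but
          session empty, cookie for another session). Token values are
          never written to the log. --->
    <cflog file="session_timeouts" type="warning"
        text="no userdata; hasCFID=#StructKeyExists(cookie,'CFID')#; hasCFTOKEN=#StructKeyExists(cookie,'CFTOKEN')#; hasJSESSIONID=#StructKeyExists(cookie,'JSESSIONID')#; cookieMatchesSession=#cookieMatchesSession#; page=#cgi.script_name#">

    <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL. --->
    <cflocation url="/session_timeout.cfm" addtoken="no">
</cfif>
```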
