I've had this issue for quite some time as well and here is a good wealth of information for youto do more research on! :)
1. track the CFID and watch it change when this occurs. IMHO thats one of the easiest ways to see this happening, I can re-create this almost flawlessly on some machines because of point 2 and everytime the session wipe occurs a new CFID and CFTOKEN is assigned as you would expect. 2. browser. See what browser is being used. We've found in 99% of the cases it was Internet Explorer and the same user would never run into this problem using Firefox or Opera. I did a lot of research over the course of a year and the best thing I could find was a feature coupled into IE 5+. There is a feature that on first run determines some configuration items based on your system memory and some other things. They set this up so multiple IE windows can remain active and if one crashes the others do not get affected. If you search the KB you will find about 5 articles on this (cant find my b-marks atm) detailing the feature and some comments on how it can affect sessions. 3. IIS Server. There is a feature in IIS 6 (possible 5 too I forget) that relates to isolating worker processes. If you search for more information on it there are several good articles showing how this feature will soft reset IIS to cycle it from hogging up too many unused resources and prevent it from locking up. It comes with a default time interval to do this with BUT it doesn't always follow it. If you examine your IIS logs you'll see it happens sometimes within 5 seconds of each other, sometimes the 1740 or whatever default minutes the next time etc etc. This process is VERY CONFUSING. IIS documentation states it will not interupt current thread processing BUT IT IS NOT CORRECT ( =\) because there is a KB articles stating you may see a loss of session handling when this occurs (lol). 4. Firewall. If you are using something like a Cisco ASA there are some security defaults that cut out a session if there is more than something like 4ms lag in the communication. If you have easy access to a reporting tool for your particular firewall(if you have one) its easy to spot this happening from obtaining an ip address of a customer having this issue. If you see a lot of disconnects or red spikes etc (however your software delineates it) there is a good chance this security feature can be cutting off communication and prematurely ending the session. This happens by design to help prevent session hijacking etc. If you're using CISCO theres a great set of writeups of it on the documentation CDs. We've had a serious problem with this for quite some time and I've consulted dozens of people without a lot of success. A few people pointed to a thresh hold in coldfusion session sizing but I've been unable to find any solid documentation on that. We have users that cannot maintain session -ever- for more than 5 minutes and a lot of it has to do with packet loss on their line ... but in some cases it is definitely Internet Exporer. I can confirm this because I experienced it on my second machine with one of our apps for over 4 months. I could re-create it 100% of the time on command. We had a report that would pop in a new window and everytime the session would push fwd to the new window no matter what we did. the next page hit in the parent window and ... boom ... session gone. One day they pushed a windows update to my machine (that had no references to IE by the way =\) and it fixed it forever :o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274590 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
