Are you sure something else is not going on dealing with domain cookies?

If I come into a site as http://example.com and browse around - getting
sessionID in the process and tied to a cookie, then I hit a URL 


http://www.example.com 

That's a different domain.... Unless you are hitting the same application
with same domain you will get a new cookie... Or you need to have domain
cookies set on (<cfapplication ... setDomainCookies="yes" ...>).

-Mark
 


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-----Original Message-----
From: [email protected] [mailto:[email protected]] 
Sent: Wednesday, February 25, 2009 11:37 AM
To: cf-talk
Subject: Client IP changes on SSL- tricks load balancer


OK, I'm having troubles with session management on one of my sites which is
mostly in HTTP but switches over to HTTPS when the user checks out and
enters their credit card info, etc.
What is happening is that occasionally people will get the "your session
expired" message at the point that they redirect to the https URLs.  

This site uses 3 CF 8 servers in stand-alone mode behind a hardware
firewall.  What is happening is the client's IP address changes as soon as
they hit the https pages on our site.  I can only assume their corporation
uses some special proxy for SSL traffic.  When this happens, my load balancer
doesn't seem to recognize them and ships them off to a different server
where their session doesn't exist.

The company hosting the load balancer has told me that it doesn't base
session on IP address.  Furthermore there is a cookie set on each client
that says what web server they are on and the load balancer is "supposed" to
be using that cookie to keep them on the correct server. 
(this isn't happening)

I guess my questions are:
1) Can anyone confirm seeing the behavior of changing IP addresses over SSL?
2) Has anyone had it screw with their load balancer like I am seeing?
3) Aren't cookies encrypted over SSL anyway-- so how would my load balancer
even see the cookies in the request?
4) Suggestions?

Thanks.

~Brad
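
Added example (not part of the original thread, and not ColdFusion's own code): a simplified model of the RFC 6265 cookie-scoping rule behind Mark's reply, showing why a cookie set on example.com is not sent to www.example.com unless a Domain attribute is present. The CFID value, the other.example.com host and the assumption that setDomainCookies results in Domain=.example.com are constructed for illustration; IP-address hosts and public-suffix checks are left out.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass
class Cookie:
    name: str
    value: str
    domain: str      # lower-case domain the cookie is scoped to
    host_only: bool  # True when the server sent no Domain attribute

def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3: identical, or host ends with '.' + domain."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def store(set_from_url: str, name: str, value: str,
          domain_attr: Optional[str] = None) -> Optional[Cookie]:
    """Simplified RFC 6265 section 5.3: the Domain attribute decides the scope."""
    host = urlsplit(set_from_url).hostname
    if domain_attr is None:
        return Cookie(name, value, host, host_only=True)
    domain = domain_attr.lstrip(".").lower()
    if not domain_match(host, domain):
        return None  # a host may not set a cookie for an unrelated domain
    return Cookie(name, value, domain, host_only=False)

def is_sent(cookie: Cookie, request_url: str) -> bool:
    """Would the browser attach this cookie to a request for request_url?"""
    host = urlsplit(request_url).hostname
    if cookie.host_only:
        return host == cookie.domain  # exact host only, no subdomains
    return domain_match(host, cookie.domain)

def demo() -> dict:
    # Constructed sample: both cookies are set by http://example.com/.
    host_only = store("http://example.com/", "CFID", "12345")
    domain_wide = store("http://example.com/", "CFID", "12345", ".example.com")
    urls = ["http://example.com/cart",
            "https://www.example.com/checkout",
            "https://other.example.com/"]
    return {u: (is_sent(host_only, u), is_sent(domain_wide, u)) for u in urls}

if __name__ == "__main__":
    for url, (plain, wide) in demo().items():
        print(f"{url:36} host-only={plain!s:5} domain-cookie={wide}")
```

The domain-wide cookie is also sent to every other subdomain (other.example.com here), so the session identifier becomes visible to all hosts under example.com.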





Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319802