Several (most? all?) post-CF9 hot fixes apply to CF8 as well. :-)
On Thu, Dec 15, 2011 at 3:37 PM, Bryan Stevenson < [email protected]> wrote: > > Thannks Pete, > > Same domain....yes.....but you speak of a recent hotfix....well this is > CF 8 ;-) > > Thankfully I have been told to shelve this issue for other major > priorities, but thanks for the tips...I may need to come back to this at > some point. > > Cheers > > On Thu, 2011-12-15 at 14:52 -0500, Pete Freitag wrote: > > > Bryan, > > > > Are these apps running on the same domain or different domains, if > > they are on the same domain then you will need to specify the path in > > your session cookies so they don't invalidate each other (this > > relatively new behavior due to the session fixation security hotfix > > APSB11-04 released in Feb). > > > > Also if you are experiencing a cookie problem on one browser but not > > another make sure you have cleared cookies first. > > > > -- > > Pete Freitag - Adobe Community Professional > > http://foundeo.com/ - ColdFusion Consulting & Products > > http://petefreitag.com/ - My Blog > > http://hackmycf.com - Is your ColdFusion Server Secure? > > > > > > > > > > On Thu, Dec 15, 2011 at 12:22 PM, Bryan Stevenson > > <[email protected]> wrote: > > > > > > Hey All, > > > > > > Can't say that I've bumped into this before..... > > > > > > 1) 2 apps are involved and both use SESSION vars to store user details > > > once they login. > > > > > > 2) Both apps are set to setClientCookies in CFAPPLICATION > > > > > > 3) App 1 uses a standard login form where credentials are verified and > > > the SESSION vars are set if successful > > > > > > 4) App 2 uses Windows Integrated Authentication to grab the user's ID > > > off the network and use that as part of the authentication process - > > > when successful...SESSION vars are set as in app 1 > > > > > > 5) Both apps have a different name in CFAPPLICATION ;-) > > > > > > 6) both apps reside on the same server running CF 8 against Oracle 10G > > > > > > Here's what happens on WinXP Pre SP 3 with IE 7: > > > > ---------------------------------------------------------------------------------------------------- > > > 1) Open new IE7 window and log in to app1 > > > > > > 2) Open new IE7 window and log in to app 2 > > > > > > 3) Go back to the browser with app 1 and try to navigate through app - > > > get kicked to session expired screen > > > > ---------------------------------------------------------------------------------------------------- > > > > > > This was tested by another user on XP with IE8 and the issue did not > > > occur. > > > > > > So I'm pretty sure this is an IE7 issue, but I'm a tad lean on things > to > > > check....any ideas? > > > > > > TIA > > > > > > Cheers > > > -- > > > > > > > > > Bryan Stevenson B.Comm. > > > VP & Director of E-Commerce Development > > > Electric Edge Systems Group Inc. > > > phone: 250.480.0642 > > > fax: 250.480.1264 > > > cell: 250.920.8830 > > > e-mail: [email protected] > > > web: www.electricedgesystems.com > > > > > > Notice: > > > This message, including any attachments, is confidential and may > contain > > > information that is privileged or exempt from disclosure. It is > intended > > > only for the person to whom it is addressed unless expressly authorized > > > otherwise by the sender. If you are not an authorized recipient, please > > > notify the sender immediately and permanently destroy all copies of > this > > > message and attachments. > > > Please consider the environment before printing this e-mail > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349175 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
