Nick, If the session token is changing on every request then something is interfering with the setting of the cookie. If it is broken for only one browser on a computer, then I would suspect a problem with the browser settings or security software installed on the computer that only integrates with IE. Some iterations of IE 6 and 7 had various problems with cookies and sessions, but all those bugs were fixed long ago.
You use the phrase "client variable" in one spot. If you happen to be dealing with client variables instead of session variables, then those would be troubleshot differently. Caching can always be a problem, that is separate from session problems. If Bob visits his account information page, then Mary later visits her account information page, but sees Bob's information instead of her information, then that could be a caching issue unrelated to session variables. If you are showing personalized information on a site not protected by SSL, then you should consider disabling caching. -Mike Chabot On Fri, Dec 16, 2011 at 4:12 PM, Nick Gleason <n.glea...@citysoft.com> wrote: > > Hi Mike, > > Thanks for the follow up. It seems to only happen with certain computers > and only with IE (FF and Chrome work great). > > Since we can't re-create it here, it's hard to test, but I have seen at > least one example with a user where the cfid and cftoken changed on every > request. > > There is another, possibly unrelated, example where during a login where we > encode the attributes in client variables using wddx and the process does > not work (again, only with IE and only once in a while). It seems to get > fixed when cache is cleared in IE but we can't figure out why that would be. > One thing we are planning on trying is putting in code that will require a > reload (ie no use of cache) to see if that helps. > > Again, I appreciate the thoughts and suggestions. > > Nick > > > >> -----Original Message----- >> From: Mike Chabot [mailto:mcha...@gmail.com] >> Sent: Thursday, December 15, 2011 5:16 PM >> To: cf-talk >> Subject: Re: One app kills another's session >> >> >> Sometimes switching to J2EE sessions fixes odd session issues. If you >> are able to do this it might fix the problem. J2EE sessions work >> well.Try doing a site-wide search for the cfapplication tag to make >> sure there is only one in each site. Sometimes there are multiple >> cfapplication tags in a site that people forget about.It could be a >> proxy server or firewall messing with things. >> >> Does only one person see this problem? >> If one person has the problem and someone else logs into that person's >> computer, does the other person have the problem? >> Have the person that sees the problem try a different computer or a >> different browser. >> >> -Mike Chabot >> On Thu, Dec 15, 2011 at 12:22 PM, Bryan Stevenson >> <br...@electricedgesystems.com> wrote: >> > >> > Hey All, >> > >> > Can't say that I've bumped into this before..... >> > >> > 1) 2 apps are involved and both use SESSION vars to store user >> details >> > once they login. >> > >> > 2) Both apps are set to setClientCookies in CFAPPLICATION >> > >> > 3) App 1 uses a standard login form where credentials are verified >> and >> > the SESSION vars are set if successful >> > >> > 4) App 2 uses Windows Integrated Authentication to grab the user's ID >> > off the network and use that as part of the authentication process - >> > when successful...SESSION vars are set as in app 1 >> > >> > 5) Both apps have a different name in CFAPPLICATION ;-) >> > >> > 6) both apps reside on the same server running CF 8 against Oracle >> 10G >> > >> > Here's what happens on WinXP Pre SP 3 with IE 7: >> > --------------------------------------------------------------------- >> - >> > ------------------------------ >> > 1) Open new IE7 window and log in to app1 >> > >> > 2) Open new IE7 window and log in to app 2 >> > >> > 3) Go back to the browser with app 1 and try to navigate through app >> - >> > get kicked to session expired screen >> > --------------------------------------------------------------------- >> - >> > ------------------------------ >> > >> > This was tested by another user on XP with IE8 and the issue did not >> > occur. >> > >> > So I'm pretty sure this is an IE7 issue, but I'm a tad lean on things >> > to check....any ideas? >> > >> > TIA >> > >> > Cheers >> > -- >> > >> > >> > Bryan Stevenson B.Comm. >> > VP & Director of E-Commerce Development Electric Edge Systems Group >> > Inc. >> > phone: 250.480.0642 >> > fax: 250.480.1264 >> > cell: 250.920.8830 >> > e-mail: br...@electricedgesystems.com >> > web: www.electricedgesystems.com >> > >> > Notice: >> > This message, including any attachments, is confidential and may >> > contain information that is privileged or exempt from disclosure. It >> > is intended only for the person to whom it is addressed unless >> > expressly authorized otherwise by the sender. If you are not an >> > authorized recipient, please notify the sender immediately and >> > permanently destroy all copies of this message and attachments. >> > Please consider the environment before printing this e-mail >> > >> > >> > >> > >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349210 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
