No we're not using a load balancer so that can't be it. Also the user ip is the same when they return from Paypal as when they left for Paypal.
> Do you have a load balancer? We have seen this were a sticky session > ( ip based ) is lost due to ipaddress changes on some mobile devices > causing the balancer to send a request to a different server causing > cf to loose the session > > Paul > > > On 04/07/2012, at 9:00 PM, David Wilson <[email protected]> > wrote: > > > > > We are experiencing an unusual error after launching our site. > > > > We have two options of payment for our app, Credit Card (using > Paypal to process the payment) and Paypal Express Checkout (which for > anyone who doesn't know, involves redirecting the user to Paypal and > then back to your site to confirm the purchase). > > > > My problem is happening with the Express Checkout method. I'll try > and break down what is happening is steps. > > > > !I SHOULD NOTE THIS IS ALL PROCESSED OVER HTTPS! > > > > 1. User fills out sign up form on our site, then selects Paypal as > payment option, then submits form. > > > > 2. Session variables are set based on the data the user entered. A > call is made to to Paypal using the API to get a Token for the > transaction. > > > > 3. Once the token is received, we apprend it to a paypal url and > redirect the user to that url (the Paypal site) > > > > 4. The user logs in, agree's to the transaction and is redirected > back to our site (Where their session should be waiting for them). > This is really where the problem is. Since launching we have had a few > random (seemingly) errors from someone who's session has been lost. I > noted the user_agent of the user was an iPad. Now, we have an iPad in > the office but we are able to sign up fine on it. As we can't > replicate the error we are finding it incredibly difficult to fix. > > > > I'm happy to provide any additional info anyone may think is useful, > I'm just a bit stumped as to what's going on and could use some advice. > > > > > Here are the relevant parts on my Application.cfc file. > > > > <cfscript> > > this.name = "Example"; > > this.setclientcookies="yes"; > > this.sessionmanagement="yes"; > > this.sessiontimeout= CreateTimeSpan(0,0,15,0); > > this.setdomaincookies="yes"; > > </cfscript> > > > > <!--- > ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: > :::::::: ---> > > <cffunction name="onSessionStart" returnType="void" > output="false"> > > > > <!--- I have a feeling this could be the culprit but I'm not sure > how. This is legacy code from a previous developer. ---> > > > > <cfcookie name="CFID" value="#Session.CFID#" > domain=".example.com" httponly="true"> > > <cfcookie name="CFTOKEN" value="#Session. > CFTOKEN#" domain=".example.com" httponly="true"> > > > > > > </cffunction> > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351800 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
