Hi there, Thanks for your follow up post. It definitely seems that we have something similar going on. We have switched some features to be less dependent on sessions and more on other scopes. That has worked ok but longer term we want sessions to work consistently. It's been very difficult because it happens very sporadically. I did see a post on an adobe forum about a similar sounding issue (jsession sessionid restarting on each request) that suggested that IIS might be doing a per request re-direct of some kind. If I am recalling this correctly, the thread suggested clearing out old IIS ColdFusion Connectors as a solution. That was a pretty sparse description, so I can't say what the next step would be. If you, or anyone on this thread, can suggest how best to find an identify the IIS connectors, that would be great. We are using IIS 7.5. Rolling back the session fixation fix did not make a difference for us. That makes sense in that this fix has been out for a year or so and these problems just started a few weeks ago. We have been updating our security filters for XSS and other attacks and I am wondering if this could interfere with browser sessions in some way. But, that's a wild guess at this point until we do some more testing. Nick
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357981 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
