I recently found the reason we were seeing two sets of cfid and cftoken
cookies.  We had code similar to this running:

<cfif myvars.KillSessionOnClose and IsDefined("cookie.CFID")>
    <cfset variables.LocalCFID=cookie.CFID>
    <cfset variables.LocalCFToken=cookie.CFToken>
    <cfcookie name="CFID" value="#variables.LocalCFID#">
    <cfcookie name="CFToken" value="#variables.LocalCFToken#">
</cfif>

Should be a familiar bit of code to everyone - it converts the browser
cookies to session cookies so closing the browser kills the session.  Once
I flipped the setting to shut this off I stopped seeing the second set of
cfid/cftokens (If I had named the domain in the cfcookie statement this may
also have served the same purpose).  However, overall the 'rotating'
sessions no longer seem to be occurring based on user reports etc. so this
was causing no problems currently, and it certainly never caused problems
for many years before the rollover described earlier in this thread.



On Wed, Mar 19, 2014 at 1:58 PM, Nick Gleason <n.glea...@citysoft.com> wrote:

>
> We finally resolved this issue.
> First, a big thanks as always to everyone who commented and helped us along
> on this thread.
> Second, here is the resolution.  In our case, the problem was some enhanced
> security filters that we put in place recently.  One of the scopes being
> scanned was the cookie scope.  This was working for the most part but would
> result in these sporadic failures which were hard to pinpoint.  The key
> clue was that we realized that the cookie.jsessionid was remaining
> persistent but the session.sessionid variable was not "sticking" - those
> two should be the same.  Once we started focusing more on the cookies, we
> eventually realized what the problem was.
> This issue may not be applicable to others, but if your sessions are
> resetting with every request, you may want to take a closer look at your
> cookies and how they are tied to your sessionid.
> I still don't truly understand how a sessionid could change without a
> change to the underlying cookie, but that appears to be what happened.
> Nick
>
>
> 
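An added diagnostic, not code from anyone on this thread: it reads the Set-Cookie headers of one response and reports cookie names the browser would store in more than one (domain, path) slot, which is how a second set of CFID/CFTOKEN can appear. The header values are constructed, and the scenario (engine cookies issued with a Domain attribute, the re-issued cfcookie ones without) is an assumption based on the remark above about naming the domain.

```python
# Added example; sample headers are constructed, example.com is a placeholder.
from collections import defaultdict

def default_path(request_path):
    """RFC 6265 5.1.4: the path used when Set-Cookie has no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]

def cookie_slot(set_cookie, request_host, request_path="/"):
    """Return (name, slot) where slot is how the browser files this cookie."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    path = attrs.get("path") or default_path(request_path)
    # No Domain attribute means a host-only cookie, which is stored
    # separately from a domain cookie of the same name.
    if domain:
        return name, ("domain", domain, path)
    return name, ("host-only", request_host.lower(), path)

def duplicate_slots(set_cookie_headers, request_host, request_path="/"):
    """Map cookie name -> slots, for names stored in more than one slot."""
    slots = defaultdict(set)
    for header in set_cookie_headers:
        name, slot = cookie_slot(header, request_host, request_path)
        # Assumption: names are grouped case-insensitively, matching how
        # the ColdFusion cookie scope resolves CFID vs cfid.
        slots[name.lower()].add(slot)
    return {n: sorted(s) for n, s in slots.items() if len(s) > 1}

# Constructed response headers: first pair as issued by the engine,
# second pair as re-issued without Domain or Expires (session cookies).
SAMPLE = [
    "CFID=1234; Domain=.example.com; Path=/; Expires=Fri, 18 Mar 2044 00:00:00 GMT",
    "CFTOKEN=abcd; Domain=.example.com; Path=/; Expires=Fri, 18 Mar 2044 00:00:00 GMT",
    "CFID=1234; Path=/",
    "CFTOKEN=abcd; Path=/",
    "JSESSIONID=xyz; Path=/",
]

if __name__ == "__main__":
    for name, found in duplicate_slots(SAMPLE, "www.example.com").items():
        print(name, "stored in", len(found), "slots:", found)
```

Any name this reports will be sent twice in the Cookie request header, so the application server has to choose between two values for the same session identifier.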
