check cflocation tags have the addtoken="no" attribute set, as this is a common cause of this problem. get yer locks in place. create a page to kill all session variables so people can kill their session when this happens and start again.
-----Original Message----- From: Robertson-Ravo, Neil (REC) [mailto:[EMAIL PROTECTED]] Sent: 10 October 2002 12:58 To: '[EMAIL PROTECTED]' Subject: [ cf-dev ] Infamous Session 'Stealing' Guys, we have inherited a CF 4.5.x system where none of the shared scope variables are locked at all and where the CFID and CFTOKEN are present in every link. The login security uses session vars. There is a scenario where one person in a building can login to the system and another person, in the same building can login and gain access to the other persons session; I am leaning toward the fact that since the variables are free of locks the problem is there, but it could also be an issue where the IP addresses are the same due to corporate networks etc... Anyone else give any more info on this age old problem before I start pointing fingers :-) Thanks Neil -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
