G'morning, all, I'm having some difficulties, and searching through the archive brought up 2 previous posts. I couldn't find any replies to the original posts, and rather than retype the entire scenario, I'm going to butcher them a bit to combine the two, as they seem to be very similar to my problem. If anyone has any ideas, I (and my boss) would be most appreciative! (Thank you Dana and Sean for forming your questions in a better way than I could have). Thanks, ~Brian Brian Ledwith Learning Express www.LearnATest.com ph. 212.995.2566 x150 fx. 212.995.5512 --- My compilation --- Part 1 A client recently set up a proxy server in his office and a site we did for them stopped working. From what I can tell, CFID and CFTOKEN are not getting passed through the proxy, and thus sessions are not working.Cookies set with <cfcookie> *do* work fine, so it is not cookies in general that are failing. Here is my <cfapplication> file: <cfapplication name="LearnX_Com_livesite" clientmanagement="Yes" clientstorage="ClientVars" sessionmanagement="Yes" setclientcookies="Yes" sessiontimeout="#createtimespan(0,6,0,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0)#" SETDOMAINCOOKIES="Yes"> I assume it is the proxy, because if I turn off the proxy in their office and connect directly, it all works fine. When I turn confirm cookies on, it does not ask me if I want to allow the CFID and CFTOKEN to be set. If I surf without the proxy, it does. Part 2 I have a members-only service to which visitors log in with a user name and password. I keep track of the visitors identity and membership status with client variables referenced to cftoken and cfid BOTH in a cookie AND in a url.variable for those running without cookies. The best I've been able to come up with is something along the lines of User 1 comes in to Server 1 and gets assigned to Session A. User 2 comes in to the back up, Server 2, which keeps its own session count and gives User 2 Session A. User 2 then returns to the site during a period of less activity, is identified by Server 1 as Session A and is associated with User 1. Makes sense? Of course not. The client variables are stored in a single central db used by both servers. So even if someone was redirected to a backup server mid-session, the system should keep their identity straight. (I've since enabled session aware load management in Cluster Cats.) --- The 2 original posts --- -----Original Message----- From: Dana Larose Subject: Cookies & Sessions & Proxies - Oh my! Date: Thu, 26 Oct 2000 14:36:12 -0700 Hey everyone, I've just run into some quirkiness this afternoon, and I thought I would seek some insight. A client recently set up a proxy server in his office and a site we did for them stopped working. From what I can tell, CFID and CFTOKEN are not getting passed through the proxy, and thus sessions are not working. Cookies set with <cfcookie> *do* work fine, so it is not cookies in general that are failing. Here is my <cfapplication> file: <cfapplication name="SomeName" clientmanagement="Yes" setclientcookies="Yes" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#"> So, if I understand things, CFID and CFTOKEN should be stored as in-memory cookies, but it doesn't seem to be working. I assume it is the proxy, because if I turn off the proxy in their office and connect directly, it all works fine. When I turn confirm cookies on, it does not ask me if I want to allow the CFID and CFTOKEN to be set. If I surf without the proxy, it does. Has anyone encountered this before? Is there a work-around? Dana Larose -----Original Message----- From: Sean German Subject: cluster cats confusing client sessions? Date: Thu, 17 Aug 2000 14:40:50 -0700 Howdy, Over the past couple days I've had several instances of members of my site seeing account information of other members. I have a members-only service to which visitors log in with a user name and password. I keep track of the visitors identity and membership status with client variables referenced to cftoken and cfid either in a cookie or in a url.variable for those running without cookies. We've been up for about two years and never had this type of issue before the last week or so. The only event I can come up with that roughly correlates to the onset of the issue is a period last week of higher than usual traffic that caused Cluster Cats to load-balance a lot of folks to our back up server. The best I've been able to come up with is something along the lines of User 1 comes in to Server 1 and gets assigned to Session A. User 2 comes in to the back up, Server 2, which keeps its own session count and gives User 2 Session A. User 2 then returns to the site during a period of less activity, is identified by Server 1 as Session A and is associated with User 1. Makes sense? Of course not. The client variables are stored in a single central db used by both servers. So even if someone was redirected to a backup server mid-session, the system should keep their identity straight. (I've since enabled session aware load management in Cluster Cats.) Any ideas? While we don't anything as critical as credit card data online, this is a very not good thing to have happen. BTW, running CF 4.0.1 on NT4 SP5 with Cluster Cats build 356, MS SQL7 SP2 TIA!! Sean G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists