Problem with Client Variables not persisting.
I've got a strange problem here that I need some help figuring out. We have a site running on 8 load balanced CF 9 servers. We're doing a lot of stuff with Client Variables, and all of our code works fine in development/staging, but in production none of the client variables persist. After digging in to it, I find that we're getting a new CFID/CFTOKEN on every page request, which explains why the variables don't persist from page to page. My question is, could this be a problem at the load balancer? If sticky sessions were not enabled or configured correctly, wouldn't it cause this? My gut tells me yes, but I wanted to see if any of you have run into this. Thanks! Eric. http://www.cfgears.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346384 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Problem with Client Variables not persisting.
I (used to) maintain a server with an app that did this as well. The code on staging worked, but was at CF9 with no patches. The production server was at 901. Staging had no firewall, but production is in a DMZ. We never did determine a why for this happening, and it ONLY happened on calls made by the server to itself (cfhttp, cfdocument, etc). We boiled it down to something that changed with CF901 that's not documented. My only recommendation was to move off of client variables to a different shared session scope. -- Matthew Williams Geodesic GraFX www.geodesicgrafx.com/blog twitter.com/ophbalance ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346385 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Problem with Client Variables not persisting.
Hi Eric, Yes if sticky sessions were not working or configured properly on your load balancer that would certainly cause you to get new CFID/CFTOKEN on each request. As of the ColdFusion security patch for session fixation (APSB11-04) if the CFID/CFTOKEN values do not correspond to a valid session on the server it will return new ones. In prior versions of CF it would just create a new session with the CFID/CFTOKEN values that were sent. The problem with that is that your session id's can last a long long time. You can actually disable the session fixation patch by adding a JVM argument: –Dcoldfusion.session.protectfixation=false but I'm not sure that you want to, first I'd double check that your load balancer has sticky sessions setup properly. One way you could validate that would be to create a page that returned something unique to each server in the cluster (eg it's IP address, or CF serial number) then hit that page, if it keeps changing then you are hitting different servers. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Thu, Jul 28, 2011 at 8:41 AM, Eric Cobb cft...@ecartech.com wrote: I've got a strange problem here that I need some help figuring out. We have a site running on 8 load balanced CF 9 servers. We're doing a lot of stuff with Client Variables, and all of our code works fine in development/staging, but in production none of the client variables persist. After digging in to it, I find that we're getting a new CFID/CFTOKEN on every page request, which explains why the variables don't persist from page to page. My question is, could this be a problem at the load balancer? If sticky sessions were not enabled or configured correctly, wouldn't it cause this? My gut tells me yes, but I wanted to see if any of you have run into this. Thanks! Eric. http://www.cfgears.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346386 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Problem with Client Variables not persisting.
Eric, What LB product are you using? I have used pound in the past and with no sticky sessions the client vars persisted just fine. Oh and can I borrow your saw and drill next week? I want to make some nightstands :-D -J.J. On Thu, Jul 28, 2011 at 7:41 AM, Eric Cobb cft...@ecartech.com wrote: I've got a strange problem here that I need some help figuring out. We have a site running on 8 load balanced CF 9 servers. We're doing a lot of stuff with Client Variables, and all of our code works fine in development/staging, but in production none of the client variables persist. After digging in to it, I find that we're getting a new CFID/CFTOKEN on every page request, which explains why the variables don't persist from page to page. My question is, could this be a problem at the load balancer? If sticky sessions were not enabled or configured correctly, wouldn't it cause this? My gut tells me yes, but I wanted to see if any of you have run into this. Thanks! Eric. http://www.cfgears.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346387 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Problem with Client Variables not persisting.
Thanks Pete, Our host said they are having problems with the load balancer, so it looks like that's the problem. I was thinking about putting something out there to identify which server I was hitting. I'll probably put some type of small flag in a comment on the pages so I can just view source any time and know which server I'm on. From: Pete Freitag p...@foundeo.com Sent: Thursday, July 28, 2011 9:34 AM To: cf-talk cf-talk@houseoffusion.com Subject: Re: Problem with Client Variables not persisting. Hi Eric, Yes if sticky sessions were not working or configured properly on your load balancer that would certainly cause you to get new CFID/CFTOKEN on each request. As of the ColdFusion security patch for session fixation (APSB11-04) if the CFID/CFTOKEN values do not correspond to a valid session on the server it will return new ones. In prior versions of CF it would just create a new session with the CFID/CFTOKEN values that were sent. The problem with that is that your session id's can last a long long time. You can actually disable the session fixation patch by adding a JVM argument: –Dcoldfusion.session.protectfixation=false but I'm not sure that you want to, first I'd double check that your load balancer has sticky sessions setup properly. One way you could validate that would be to create a page that returned something unique to each server in the cluster (eg it's IP address, or CF serial number) then hit that page, if it keeps changing then you are hitting different servers. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? On Thu, Jul 28, 2011 at 8:41 AM, Eric Cobb cft...@ecartech.com wrote: I've got a strange problem here that I need some help figuring out. We have a site running on 8 load balanced CF 9 servers. We're doing a lot of stuff with Client Variables, and all of our code works fine in development/staging, but in production none of the client variables persist. After digging in to it, I find that we're getting a new CFID/CFTOKEN on every page request, which explains why the variables don't persist from page to page. My question is, could this be a problem at the load balancer? If sticky sessions were not enabled or configured correctly, wouldn't it cause this? My gut tells me yes, but I wanted to see if any of you have run into this. Thanks! Eric. http://www.cfgears.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346388 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Problem with Client Variables not persisting.
I really don't have any idea what LB they're using. Whatever it is, they're having problems with it so I blame it on that. :) Sure thing, I'll get up with you this weekend. :) From: J.J. Merrick j...@cyber-jay.com Sent: Thursday, July 28, 2011 9:48 AM To: cf-talk cf-talk@houseoffusion.com Subject: Re: Problem with Client Variables not persisting. Eric, What LB product are you using? I have used pound in the past and with no sticky sessions the client vars persisted just fine. Oh and can I borrow your saw and drill next week? I want to make some nightstands :-D -J.J. On Thu, Jul 28, 2011 at 7:41 AM, Eric Cobb cft...@ecartech.com wrote: I've got a strange problem here that I need some help figuring out. We have a site running on 8 load balanced CF 9 servers. We're doing a lot of stuff with Client Variables, and all of our code works fine in development/staging, but in production none of the client variables persist. After digging in to it, I find that we're getting a new CFID/CFTOKEN on every page request, which explains why the variables don't persist from page to page. My question is, could this be a problem at the load balancer? If sticky sessions were not enabled or configured correctly, wouldn't it cause this? My gut tells me yes, but I wanted to see if any of you have run into this. Thanks! Eric. http://www.cfgears.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:346389 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm