Dear Doug, I suggest that you study closer how the session scope work. Unfortunately (for you) the "problem" you described is not a problem and the session vs. browser behaves exactly as it supposed to or how it was meant to work.
How does it work? Session variables, as other shared scope variables are stored in memory on the server, however because of stateless state between the requests there has to be some values (flags) passed to the server in order for server retrieve appropriate session variables (variables for currently logged user.) This transparency (to hold the session alive) between the requests is maintained by CFID and CFTOKEN. CFID and CFTOKEN are by default written in the cookie and developer does not have to pay attention to it. However if there is a chance that user will be not allowed to use cookie or not required to turn them on then you should programmatically make sure that the values CFID and CFTOKEN are not lost between the request. That is accomplished by passing the values between the requests in URL scope. When relocating with CFLOCATION the ADDTOKEN="" hat to be set to true. When submitting the form the method GET can be used or string has to be appended to the action Query String. In fact, the CFID and CFTOKEN in the URL scope take over the values in cookie and cookie are overwritten whenever these values exist. So here is your solution make sure you're passing CFIF and CFTOKEN cross the whole application and that way you could have multiple browsers open on the same machine the same time. In conclusion, are you going to have multiple users logged on the same machine at the same time? I cannot really see the future of it. Consider passing CFID and CFTOKEN to avoid no cookie problems when they are turn off rather then allow users to work on the same machine at the same time using the same browser. Rastislav Toscak Senior Applications Developer Computer Horizons Corp. Tel : 973.884.5228 Fax : 973.884.5342 [EMAIL PROTECTED] http://www.computerhorizons.com -----Original Message----- From: Doug Cain [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 8:47 AM To: Spectra-Talk Subject: Session scopes and browsers I am having a tussle with session scopes at the moment. It may be I have the wrong end of the stick or am missing something obvious but... The scenario is simple, I have an app which dynamically assigns a brand based on the user login. All works fine until you open a second browser on the same machine and login as another user. User preferences are kept in the user profile and that works fine but some of the navigation information for that session sits in session variables. The problem seems to be that the session variables from the first browser are shared with the second browser. Simple tests of cfparaming a session variable in application.cfm with the current time prove this. It works as expected from a different machine or even a different browser type but seems shared between local browsers. If I look at request.cfa.session.sessionid it is different for each open browser as you would expect but all normal session variables seem to be shared. Looking at cfa_session doesn't give me any clues as this seems to just setup the reqest.cfa.session structure. It is obviously there for a reason but I don't know why or what uses could be made of it except creating a session variable based on request.cfa.session.sessionid. Any clues as to the behaviour of session variables in multiple (same type ie6) browser windows on the same machine would be helpful... Or the uses of the cfa_session tags. The same is true for client variables. Thanks Doug Cain The Online Courseware Factory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm ------------------------------------------------------------------------------ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/spectra_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
