Actually, this is not ColdFusion’s fault; it is a browser issue. Here’s what happens:
A user logins into your application, navigates through it, and then, inexplicably, gets booted out or not recognized. Sometimes it is just one page that seems to be the problem, sometimes several. Sometimes it is one browser, say IE, and not another, say FF.
What is crazy about this is that the application has, for all intents and purposes, worked correctly up to this point. The problem seemed to occur out of the blue. (Personally, I think it happened at the same time said user switched to IE7, but that is just my opinion.) And, what is also wonderful about this is that oftentimes you cannot recreate it. The user just screams and screams while you pull your hair out.
If and when you can recreate it, when you output the CFID and CFTOKEN tags you notice that they are different for the same user. They should not be. They never left the application.
For me the solution was simple. My application was using ‘www’ in the domain name on some pages and not on others as in www.mysite.com vs. mysite.com. The browser interpreted this as two different sites and made no association with the CFID/CFTOKEN cookies set by the application.cfm. So, ColdFusion reset them and bye-bye went my session variables.
Now, if this happens between http and https sites I do not know since this was not using a certificate. So, for that, you will have to figure it out.
This really frustrated me and I hope it helps someone else.
If this post helped you out, please consider donating to help pay the hosting fees. 100% of the donations go to the web host.