ColdFusion Dropping, Losing, or Resetting Session Variables and CFID/CFTOKEN

Actually, this is not ColdFusion’s fault; it is a browser issue. Here’s what happens:

A user logs in to your application, navigates through it, and then, inexplicably, gets booted out or is not recognized. Sometimes it is just one page that seems to be the problem, sometimes several. Sometimes it is one browser, say IE, and not another, say FF.

What is crazy about this is that the application has, for all intents and purposes, worked correctly up to this point. The problem seemed to occur out of the blue. (Personally, I think it happened at the same time said user switched to IE7, but that is just my opinion.) And, what is also wonderful about this is that oftentimes you cannot recreate it. The user just screams and screams while you pull your hair out.

If and when you can recreate it, output the CFID and CFTOKEN values and you will notice that they are different for the same user. They should not be. The user never left the application.

For me the solution was simple. My application was using ‘www’ in the domain name on some pages and not on others as in www.mysite.com vs. mysite.com. The browser interpreted this as two different sites and made no association with the CFID/CFTOKEN cookies set by the application.cfm. So, ColdFusion reset them and bye-bye went my session variables.
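The browser behaviour described above can be modelled in a few lines. The following is an added example, not code from the original post: a simplified version of the RFC 6265 cookie-matching rules, using the post's hostnames and a constructed CFID value; the function names are illustrative.

```javascript
// Added illustration (not from the original post): a simplified model of the
// RFC 6265 rules a browser uses to decide which cookies accompany a request.
// Hostnames are the post's examples; the CFID value is constructed.
// Simplifications: no IP-address or public-suffix checks, no Path/Secure.

// RFC 6265 section 5.1.3: the host matches if it is identical to the cookie
// domain or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// Store a cookie as received from `setByHost`. Without a Domain attribute the
// cookie is host-only and is returned only to that exact hostname.
function storeCookie(jar, setByHost, name, value, domainAttr) {
  if (domainAttr) {
    const domain = domainAttr.replace(/^\./, ""); // a leading dot is ignored
    // A host may only set cookies for itself or for a parent domain.
    if (!domainMatch(setByHost, domain)) return false;
    jar.push({ name, value, domain, hostOnly: false });
  } else {
    jar.push({ name, value, domain: setByHost.toLowerCase(), hostOnly: true });
  }
  return true;
}

// Names of the cookies the browser would attach to a request for `host`.
function cookiesFor(jar, host) {
  const h = host.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
    .map(c => c.name);
}

// Case 1: session cookie set with no Domain attribute while on www.mysite.com.
const hostOnlyJar = [];
storeCookie(hostOnlyJar, "www.mysite.com", "CFID", "1234");

// Case 2: the same cookie set with Domain=.mysite.com.
const domainJar = [];
storeCookie(domainJar, "www.mysite.com", "CFID", "1234", ".mysite.com");

console.log(cookiesFor(hostOnlyJar, "mysite.com")); // [] : server sees a new visitor
console.log(cookiesFor(domainJar, "mysite.com"));   // [ 'CFID' ]
```

A cookie scoped with a Domain attribute is sent to every subdomain of mysite.com, not just www. Linking consistently to one hostname (or redirecting to it) fixes the dropped session without widening where the session identifiers travel.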

Now, if this happens between http and https sites I do not know since this was not using a certificate. So, for that, you will have to figure it out.

This really frustrated me and I hope it helps someone else.

 

Further Reading:

  1. ColdFusion Session Timeout with Warning and jQuery Session Refresh
  2. ColdFusion Example: Session Timeout Warning with jQuery/JS

62 Comments

  1. December 9, 2009 at 7:17 pm

    Nice work, BosDog.

    If you want to post your code give it another try. I just added a plugin to display code in comments. If you see code below this, it's working:

    <a href="verybadlink.cfm">Link</a>

  2. BosDog
    December 9, 2009 at 6:09 pm

    AHA. I finally figured it out after lots of Google searching. In my application.cfc I needed to add the domain="" to my cookie in the OnSessionStart function.

    Not sure why this only affects SOME IE7 users and not others (it must be some sort of registry settings or something like that).

    By adding the domain name in the following, the issue was solved for all users!

    ………..rest of cffunction code here……

    HOPE THIS HELPS ANYONE ELSE!

  3. BosDog
    December 9, 2009 at 2:09 pm

    I don’t think so (at least in my case). I’m seeing the cfid and cftoken sessions alive in my CF8 admin. It’s just that some users’ machines are not picking up the sessions based on the cfids?

  4. December 9, 2009 at 1:51 pm

    Basically what I think is happening is the session is timing out on the server before in the application. So what I do now is if I get this error, I capture it and then set the session timeout to 1 second. After 1 second I restart the session.

  5. BosDog
    December 9, 2009 at 12:53 pm

    I too am having this issue. So bizarre. I’m using an internal intranet behind my company firewall so it’s not a www issue.

    It’s definitely related to upgrading to IE7 and not all users have the issue. I’m hoping though as more users update it doesn’t become one. I’ve sort of looked at it as a “black bug” either with IE or ColdFusion.

    Any update on this? I’m pulling my hair out! You think it has anything to do with Windows registry? My client variables setting in CF8 Admin is set to Registry for a default storage mechanism for client machines. Not sure how that works though.

  6. November 24, 2009 at 6:12 pm

    Hmmmmmm. I just started having this problem. Everything was working fine and then it all came crashing down because I’m using the J2EE with Session.sessionid to keep track of each user and now I get the error that session.sessionid does not exist. I dumped the session and sure enough all I have is the URL token. I tried killing the sessions and starting again but same thing. It won’t give me a sessionid. Weeeeeeerd. Unfortunately this is on a shared host so I can’t see what is going on in the backend. But it WAS working. [and the client just nods and says "uh huh. sure it was"]

  7. Phill
    September 1, 2009 at 4:04 pm

    Hey guys,

    I also just inherited an app at work and am also having this problem… but I think I may have narrowed it down to a very specific scenario because of the nature of the code I am looking at. I am not at my desk right now, but tomorrow I will post a little insight and maybe it will clear things up for all.

  8. Shawn
    August 31, 2009 at 10:36 pm

    Sorry it took so long to get back here. Since my last post I’ve done the following:
    - merged the problem app into the same domain as a related app which has been behaving
    - consolidated CFIDE folders…I’m using the tabs in CF 8 and had multiple versions of the CFIDE folder to generate different coloured tabs depending on client preferences
    - reduced the number of session vars being used to 20,
    - made sure that all session var names were the same case (grasping at straws on that one)

    While there is definite improvement, there are still vars being dropped for no apparent reason. Sometimes the var will get dropped between the time the user fills out a form and the update page is called via the submit button.

    Can’t think of anything else to do at this point… other than a different profession :)

  9. Shawn
    August 25, 2009 at 9:40 am

    No luck yet. Turning J2EE session management didn’t change anything. I’m wondering if CF has issues supporting multiple domains?

  10. Shawn
    August 24, 2009 at 10:47 pm

    Sorry for the delay in replying…been a hectic day. Jen, I’ve emailed the application.cfc file to you.

    Sycamore: I don’t think so…I’m using a single server with CF8..setClientCookies is true, setDomainCookies is false.

    Jen: I’ve tried having J2EE session management both on and off, there doesn’t seem to be any difference with respect to this issue. I’ve also tried moving the entire app to a new domain… it was previously in a subdomain where the primary domain was hosting another app…after checking the logs though, no change. I’m going to try turning J2EE off again.

    Thanks for the input!