Skip navigation
FSUKXAZ
FSUKXAZ
Currently Being Moderated

Session Variables Not Sticking

Jun 13, 2012 12:07 PM

We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.  

 

It's not a code issue because we have the same code on 2 other networks and it works fine. We also have the same code on our backup website on the same network and it works fine.  The backup is on a different server in a different location. So that's 3 networks the code is running fine on. It even worked on this network on the main website up until about 9 months ago. I've verified/reverified the code mutiple times. Something must have happened with security patches, some IIS setting, or other server related issue.  We are running 2003 Windows Server Edition SP2 and Coldfusion version 8,0,1,195765. 

 

The browsers used are IE7 and IE8. I don't think it's a browser issue because I can open another tab in the same browser and login and stay logged in on the website on another network.  We have already gone into browser advanced settings to make sure session variables are allowed. We've also had a couple of other admins look at it from various locations throughout the Country and they also cannot stay logged in on our main site. They can all stay logged in on the backup site. 

 

Frustrating beyond belief. I'm betting it's a Microsoft issue.  Anybody out there have a similar issue or know what it might be?

2491 Views   16 Replies   Latest reply: PerezG99, Jan 18, 2013 6:30 AM
 
Replies
  • BKBK
    Currently Being Moderated
    1. BKBK,
    Jun 13, 2012 12:24 PM   in reply to FSUKXAZ
    Report

    FSUKXAZ wrote:

     

    We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.  

    What drops? I'm not trying to be funny. That is your crucial point, yet I really don't understand what you mean. Is it possible to navigate between pages, but without login (for example, getAuthUser() returns a blank string)?

     
    |
    Mark as:
  • wcx08
    Currently Being Moderated
    2. wcx08,
    Jun 14, 2012 8:33 AM   in reply to FSUKXAZ
    Report

    I've been having a similar issue as well.  It started happening after I installed a security hotfix for ColdFuson 9.0.  The only browsers it seems to happen on are IE7, IE8, and sometimes IE9.  I've read others having the same problems, only with IE browsers.  Nothing in our code has changed, yet the sessions seem to get reset or don't occurr at all.  This is code that has been working for about ten years now, suddenly broken.  I'm not sure if it's an update for IE that Microsoft has made with the way it handles sessions?  I'm in the process of reinstalling our ColdFusion instance in hopes to fix this problem.

     
    |
    Mark as:
  • FSUKXAZ
    Currently Being Moderated
    3. FSUKXAZ,
    Jun 14, 2012 8:36 AM   in reply to wcx08
    Report

    Thanks. Sounds exactly like what I'm dealing with. Let me know what happens.

     
    |
    Mark as:
  • FSUKXAZ
    Currently Being Moderated
    4. FSUKXAZ,
    Jun 14, 2012 8:44 AM   in reply to BKBK
    Report

    The session variables (all 5 that I set) drop. So when you go to the next page they are no longer there.  That's fine if it's not an admin page that requires logging in. Yes, you can navigate between pages. However, all the admin pages require login (where session variables are set) so the pages get the error routine which kicks them back out to the login screen telling them that they have to be logged in to view that page. Basically, something changed outside of my realm as a programmer.  That change made the code stop working. I want to find out what that change may be... so I can tell the server or network people what it is so that they can fix it.

     
    |
    Mark as:
  • Aquitaine
    Currently Being Moderated
    5. Aquitaine,
    Jun 14, 2012 12:51 PM   in reply to FSUKXAZ
    Report

    Dump your session on each page. Is the JSESSIONID changing between every page?

     

    If so, it sounds like a similar issue we had upgrading from CF8 to CF10 where some CF8 handlers got left in IIS and it would kill the session any time you navigated to a directory rather than a file, e.g. admin/ and not admin/index.cfm.

     

    We didn't discover that part until after we'd already just deleted the site in IIS and re-added it, which also solved the problem.

     
    |
    Mark as:
  • BKBK
    Currently Being Moderated
    6. BKBK,
    Jun 15, 2012 12:10 AM   in reply to FSUKXAZ
    Report

    Have you ruled out the obvious? Assuming you're using Application.cfc, verify (it might also help to let us know) the values of:

     

    this.sessionmanagement

    this.sessiontimeout

    this.loginStorage

    this.setClientCookies

     
    |
    Mark as:
  • Steve Sommers
    Currently Being Moderated
    7. Steve Sommers,
    Jun 15, 2012 8:53 AM   in reply to FSUKXAZ
    Report

    I've experienced a similar problem with CF8 using IE8. I've narrowed it down to being cookie related which causes CF to loose the existing session and create a new session. For me, I can consistently duplicate the issue by having multiple tabs open to various sites and then accessing my site to login -- login is successful but the first page request is treated as unauthorized because the session is empty. If I shutdown and restart the browser and bring up only my site, everything works fine. And once I'm logged in, I have never lost a session by opening other tabs. And this has never failed using Firefox or Safari. What is very strange is that I have multiple sites using CF8 and CF9 and only one exibits this behaviour.

     
    |
    Mark as:
  • FSUKXAZ
    Currently Being Moderated
    8. FSUKXAZ,
    Jun 15, 2012 8:56 AM   in reply to Aquitaine
    Report

    We're not navigating to directories, but exact pages... and the JSESSIONID, CFID, & CFTOKEN are all changing between each page.  The session variables no longer exist when navigating to different pages.  As I stated above were on CF8 and that the exact same code works on 3 different networks including the backup site on this network.

     
    |
    Mark as:
  • FSUKXAZ
    Currently Being Moderated
    9. FSUKXAZ,
    Jun 15, 2012 9:03 AM   in reply to Steve Sommers
    Report

    The issue exists whether I have just the one tab open or multiple tabs. Closing the browser, clearing the cache, and punching the monitor also haven't worked. Still have the same problem.  I work in a government/military environment and only IE browsers are allowed.

     
    |
    Mark as:
  • FSUKXAZ
    Currently Being Moderated
    10. FSUKXAZ,
    Jun 15, 2012 9:09 AM   in reply to BKBK
    Report

    Again, it's not code related. Yes,there is an ap CFC and those variables exist... which is why it works on the 3 other networks websites and the backup site on this network.  Lets focus on where the issue is and not the code that works.

     
    |
    Mark as:
  • Steve Sommers
    Currently Being Moderated
    11. Steve Sommers,
    Jun 15, 2012 9:10 AM   in reply to FSUKXAZ
    Report

    I normally debug issues like this using Firebug with Firefox, thus why I have not spent any time looking further into the issue. I'm sure there is something similar to Firebug for IE out there. If someone determines the issue, I would love to hear what it is/was.

     
    |
    Mark as:
  • Steve Sommers
    Currently Being Moderated
    12. Steve Sommers,
    Jun 15, 2012 9:14 AM   in reply to FSUKXAZ
    Report

    Since you mentioned multiple sites or networks and only one experiencing the issue, may your browser has cookies disabled for this site or network? Maybe it's falling into a different IE security zone which has cookies disabled?

     
    |
    Mark as:
  • BKBK
    Currently Being Moderated
    13. BKBK,
    Jun 15, 2012 10:38 AM   in reply to FSUKXAZ
    Report

    FSUKXAZ wrote:

     

    I'm betting it's a Microsoft issue

    Could IIS be performing some redirection?

     
    |
    Mark as:
  • BSW2
    Currently Being Moderated
    14. BSW2,
    Sep 6, 2012 9:58 AM   in reply to FSUKXAZ
    Report

    How was this issue fixed.  I am having the same problem.

     
    |
    Mark as:
  • Aquitaine
    Currently Being Moderated
    15. Aquitaine,
    Sep 6, 2012 10:00 AM   in reply to BSW2
    Report

    It's leftover connectors from CF8. Check the IIS ISAPI connectors and you'll see CF8 still in there. Remove those and you should be fine.

     
    |
    Mark as:
  • PerezG99
    Currently Being Moderated
    16. PerezG99,
    Jan 18, 2013 6:30 AM   in reply to FSUKXAZ
    Report

    Have you tested with compatibility view turned on/off?

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points