cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

Session per browser instance

WorkRequest
New Here ,
Aug 21, 2006 Aug 21, 2006

Copy link to clipboard

Copied

After we upgraded from CFMX 6.0 to 6.1, we encounter some session problem. Sometimes other users can see someone's login info.
Then I enable the J2EE session variables, that problem seem to be fixed.
But now the session doesn't spread over different browser, in other words, an user has to login for each browser they open. The session can't be seen from other new browsers instances, except the one that the user did the login?

Is that how it works now? Previously, the user only do one login, and can open many browsers without requiring new login.

In the code, we don't use the <cfloginuser ...> function. Is It require?

Thanks if everyone can me some hints.
TOPICS
Advanced techniques

Views

161

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 1 Reply 1
latest latest Jump to latest reply
Guest
Aug 21, 2006 Aug 21, 2006

Copy link to clipboard

Copied

LATEST

> Sometimes other users can see someone's login info

I'm not sure switching to J2EE session variables completely solves this
problem. Perhaps you should investigate further as to how this was/is possible
and apply the most appropriate solution?

It appears that you have traded one problem for another but either way you
don't seem to be better off. This maybe due to a conflict in features or
configurations you are trying to achieve and for whatever reason this conflict
was not discovered or possible before the upgrade.

I don't have an answer to the problems you are experiencing, but I have
some ideas that may point to what might be part of the cause.

I'm guessing that you did not have a re-login problem because the session
tokens (cookies) were persisted to the user's hard-drive.

I think J2EE session requires that it use session tokens in a way that would
cause the web browser to receive new session tokens if the web browser is
opened via double clicking the browser icon on the desktop.
This might be the reason why a new browser opened from the desktop requires
a re-login?

But before you look at anything that has transpired after the upgrade, it might
be worthwile to first look at the problem you had before where other users
are able to see someone's login info.

I'm new to CF my self and i'm still reading Ben Forta's book but he has a great
section in there about cookies/tokens and how CF manages sessions.

Good luck!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices