Session Data Crossover CF4.5

Report · Nov 29, 2006

I have a CF web application that implements session state and I have a reliable report that two users' sessions are colliding (i.e., when second user on the same corporate network and browser but different user ids logs into the app the first user's session is refreshed to the second users settings including user id and account, etc... on the next page view or refresh).

This is expected behavior on a single computer + browser when running multiple instances of the application but the users are reporting that it happens from different windows workstations using IE6. As noted in the summary this particular application resides on a CF 4.5.x server installation and I am using CFLOCK on all session variables.

We have actually logged into the same two user accounts from browsers on our network (i.e., outside the firewall of the users reporting the problem) and we don't see the behavior.

Any insights appreciated.

Report · Nov 29, 2006

Are the computers "imaged" or otherwise deployed onto the enterprise using a standard/premade software configuration? Session state relies on a unique key pair stored in a cookie at the local machine. The server provides it to the browser upon first visit. (And probably others, if it expires) - If the person creating the image visits the website (to say, set it as a homepage) but then doesn't clear cookies, any computer duplicated off that image will have the same 'unique' pair and this session duplication will occur. Try clearing the cookies on the affected machines, and this could solve the problem when the server reissues the new tokens.

Adobe Community

Session Data Crossover CF4.5