• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Strange CF10 Cookie Behaviour

New Here ,
Nov 26, 2013 Nov 26, 2013

Copy link to clipboard

Copied

I've been having a very strange problem with Internet Explorer (mostly) and ColdFusion 10.

I'm using CFID and CFTOKEN to track user sessions. Occasionally - primarily in IE - something goes wrong and I keep getting a new CFID/CFTOKEN every time I refresh any page. This means that logins fail because the session created and returned is a new one that has no user logged in. The only way to fix this is to clear the browser cookies for that domain and then it works for a while before this starts to happen again.

I've googled all over the place and tried numerous session fixation fixes to no avail. I've even tried to create a page that simply dumps all the cookies and invalidates the session but this doesn't help either.

This is a new server that I want to begin using for all new client sites, but until this is resolved I can't do so.

Any help would be greatly appreciated!

Brian Loewen

Views

734

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Contributor ,
Nov 26, 2013 Nov 26, 2013

Copy link to clipboard

Copied

I have seen weird behavior like this before and we always solved it by completely resetting the browser back to default.  It's a pain if you have a lot of custom settings, but give it a try and see if it helps.  In IE go to Options > Advanced > Reset, close browser, then try again.  You will lose all cookies, history, etc.  I've seen this issue with every browser at least once, not just IE.  If problems presist, reboot both your server and local client computers.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 29, 2013 Nov 29, 2013

Copy link to clipboard

Copied

This works just fine, and it's what we've been doing, but I need something that I can do server side.

I'm hosting several ecommerce websites on this server and I can't have each customer coming to the site required to clear their cache/cookies/etc.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Contributor ,
Nov 29, 2013 Nov 29, 2013

Copy link to clipboard

Copied

LATEST

I agree it would be nice to find a server side solution (or any logical reasons this happens at all), but at least for me it has happened so rarely that I've never bothered to look.  My hunch is that if you have a lot of complex applications and sessions, etc., things just go "bump" for no reason and cause cookie conflicts.  Could also have to do with firewall settings, anti-virus, https, you name it.  Systems in general are getting so complex these days I think it's inevitble.  I would love to hear if anyone knows why they think this could happen.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation