I have a session problem that appears to be Server/ColdFusion
related - not caused by my code (pretty sure). Any insight or
suggestions would be greatly appreciated.
I was wondering if anyone has any experience with where a
ColdFusion session for an individual user gets given as a session
to another completely new/different user as their session?
I have an online shopping cart and the issue is that when the
onSessionStart event is fired in the Application.cfc a component
instance is created for the user. This just initialises default
user variables (logged in, name etc), and at this point they are
obviously not logged in to any account. The user component stays
like this until they either a) successfully register or b) they
log in successfully to an existing account.
These are the only two methods that a user may be logged in.
However I have had (twice) where a user has arrived at the website
and should have a brand new session yet instead of this they are
able to view an entirely different user's session (this is bad as
you can imagine as they are able to see someone else's personal
details/credit card information) :(
I have no idea how it is possible for someone who should get
a brand new session to receive someone else's session???
I have re-checked my code and confirmed that the only way
that a user can be logged in is via the login/registration pages,
in this case neither has happened - the user only arrived at the
home page.
Any help would be great.
Regards,
Shaun Byrnes
Web Developer
Netgrow
W www.netgrow.com.au
E shaun@netgrow.com.au
P 02 9718 5446
F 02 9718 0623