Locking not working?

Report · Oct 17, 2007

Our application has about 150-200 concurrent users at any given time. We're using session management with the basic CFID and CFTOKEN, which is a UUID. We have an exclusive CFLOCK around the bit of login code that sets their session's user id. We also provide a login option to keep them logged in, which when set is a cookie of their password hashed. If their session has expired and they have this cookie we pass them through the login procedure.

All of this works fine until we restart the ColdFusion (8) server. It seems as soon as we do this at least a few of the people sitting there refreshing and waiting for the app to come back up get the wrong login credentials and end up logged in as someone else. It's very disconcerting.

Does anyone have any suggestions to avoid this happening? I thought the exclusive lock would be all we needed.

Report · Oct 18, 2007

I'm not sure if I understand completely...are you saying that if a user logs in, and than waits...and you restart the ColdFusion server, on their next request they appear to have assumed someone elses session?

Session data cannot persist between server restarts, since session data is always stored in memory on the ColdFusion server.

Have you looked into using "client" vars at all?

Report · Oct 18, 2007

No, that's not what I am saying. It seems that when the server is down, all the people who have the auto-login cookie seem to cross paths and get logins mixed up when I bring the server back up.

Report · Oct 18, 2007

It's probably difficult to say much about this unless we can see the
relevant code.

Even if it's just a behavioural change between CF versions, it'll be easier
to work out what it is with some code.

--
Adam

Adobe Community

Locking not working?