3 Replies Latest reply on Nov 29, 2013 1:19 PM by DCwebGuy

    Strange CF10 Cookie Behaviour


      I've been having a very strange problem with Internet Explorer (mostly) and ColdFusion 10.


      I'm using CFID and CFTOKEN to track user sessions. Occasionally - primarily in IE - something goes wrong and I keep getting a new CFID/CFTOKEN every time I refresh any page. This means that logins fail because the session created and returned is a new one that has no user logged in. The only way to fix this is to clear the browser cookies for that domain and then it works for a while before this starts to happen again.


      I've googled all over the place and tried numerous session fixation fixes to no avail. I've even tried to create a page that simply dumps all the cookies and invalidates the session but this doesn't help either.


      This is a new server that I want to begin using for all new client sites, but until this is resolved I can't do so.


      Any help would be greatly appreciated!


      Brian Loewen

        • 1. Re: Strange CF10 Cookie Behaviour
          DCwebGuy Level 1

          I have seen weird behavior like this before and we always solved it by completely resetting the browser back to default.  It's a pain if you have a lot of custom settings, but give it a try and see if it helps.  In IE go to Options > Advanced > Reset, close browser, then try again.  You will lose all cookies, history, etc.  I've seen this issue with every browser at least once, not just IE.  If problems presist, reboot both your server and local client computers.

          • 2. Re: Strange CF10 Cookie Behaviour
            bloewendev Level 1

            This works just fine, and it's what we've been doing, but I need something that I can do server side.


            I'm hosting several ecommerce websites on this server and I can't have each customer coming to the site required to clear their cache/cookies/etc.

            • 3. Re: Strange CF10 Cookie Behaviour
              DCwebGuy Level 1

              I agree it would be nice to find a server side solution (or any logical reasons this happens at all), but at least for me it has happened so rarely that I've never bothered to look.  My hunch is that if you have a lot of complex applications and sessions, etc., things just go "bump" for no reason and cause cookie conflicts.  Could also have to do with firewall settings, anti-virus, https, you name it.  Systems in general are getting so complex these days I think it's inevitble.  I would love to hear if anyone knows why they think this could happen.