I seem to be having the issue described here
I have a Coldfusion 10 server.
It maintains sessions (via cookie) just fine UNTIL I load balance it with another CF 10 server.
When I do that, the cftoken and cfid cookies change on every hit to the web server.
Since the user login information is tied to the cftoken and cfid (stored in a database somewhere) the user will be logged out if these change.
The exact same production code works fine with two load balanced CF 8 servers.
my cfapplication looks like this:
setDomainCookies = "Yes"
sessiontimeout="#CreateTimeSpan( 0, 8, 0, 0 )#"
if it matters client variables are stored in an sql server instance and are being stored just fine.
The bug is marked fixed in:
I am on 10,0,13,287689 and this bug was fixed in 286333 according to the bug reference above.
I should also add that I am using a sub-domain ...
I have not tried it without a sub-domain.
I did try with an ip address instead of sub-domain.
i get the same result ... the cfid and cftoken change when a different server behind the load balancer gets the request. its acting like domain cookies are turned off, but as you can see in my cfapplication they are on.
What if you delete the main website's CFID and CFTOKEN first
<cfcookie name="cfid" value="" domain=".mysite.com" expires="now">
<cfcookie name="cftoken" value="" domain=".mysite.com" expires="now">