I have a CF web application that implements session state and
I have a reliable report that two users' sessions are colliding
(i.e., when second user on the same corporate network and browser
but different user ids logs into the app the first user's session
is refreshed to the second users settings including user id and
account, etc... on the next page view or refresh).
This is expected behavior on a single computer + browser when
running multiple instances of the application but the users are
reporting that it happens from different windows workstations using
IE6. As noted in the summary this particular application resides on
a CF 4.5.x server installation and I am using CFLOCK on all session
We have actually logged into the same two user accounts from
browsers on our network (i.e., outside the firewall of the users
reporting the problem) and we don't see the behavior.
Are the computers "imaged" or otherwise deployed onto the
enterprise using a standard/premade software configuration? Session
state relies on a unique key pair stored in a cookie at the local
machine. The server provides it to the browser upon first visit.
(And probably others, if it expires) - If the person creating the
image visits the website (to say, set it as a homepage) but then
doesn't clear cookies, any computer duplicated off that image will
have the same 'unique' pair and this session duplication will
occur. Try clearing the cookies on the affected machines, and this
could solve the problem when the server reissues the new