After we upgraded from CFMX 6.0 to 6.1, we encounter some
session problem. Sometimes other users can see someone's login
Then I enable the J2EE session variables, that problem seem
to be fixed.
But now the session doesn't spread over different browser, in
other words, an user has to login for each browser they open. The
session can't be seen from other new browsers instances, except the
one that the user did the login?
Is that how it works now? Previously, the user only do one
login, and can open many browsers without requiring new login.
In the code, we don't use the <cfloginuser ...>
function. Is It require?
> Sometimes other users can see someone's login info
I'm not sure switching to J2EE session variables completely
problem. Perhaps you should investigate further as to how
this was/is possible
and apply the most appropriate solution?
It appears that you have traded one problem for another but
either way you
don't seem to be better off. This maybe due to a conflict in
configurations you are trying to achieve and for whatever
reason this conflict
was not discovered or possible before the upgrade.
I don't have an answer to the problems you are experiencing,
but I have
some ideas that may point to what might be part of the cause.
I'm guessing that you did not have a re-login problem because
tokens (cookies) were persisted to the user's hard-drive.
I think J2EE session requires that it use session tokens in a
way that would
cause the web browser to receive new session tokens if the
web browser is
opened via double clicking the browser icon on the desktop.
This might be the reason why a new browser opened from the
But before you look at anything that has transpired after the
upgrade, it might
be worthwile to first look at the problem you had before
where other users
are able to see someone's login info.
I'm new to CF my self and i'm still reading Ben Forta's book
but he has a great
section in there about cookies/tokens and how CF manages