1 Reply Latest reply on Aug 21, 2006 4:28 PM by <newbie />

    Session per browser instance

      After we upgraded from CFMX 6.0 to 6.1, we encounter some session problem. Sometimes other users can see someone's login info.
      Then I enable the J2EE session variables, that problem seem to be fixed.
      But now the session doesn't spread over different browser, in other words, an user has to login for each browser they open. The session can't be seen from other new browsers instances, except the one that the user did the login?

      Is that how it works now? Previously, the user only do one login, and can open many browsers without requiring new login.

      In the code, we don't use the <cfloginuser ...> function. Is It require?

      Thanks if everyone can me some hints.
        • 1. Re: Session per browser instance
          <newbie /> Level 1

          > Sometimes other users can see someone's login info

          I'm not sure switching to J2EE session variables completely solves this
          problem. Perhaps you should investigate further as to how this was/is possible
          and apply the most appropriate solution?

          It appears that you have traded one problem for another but either way you
          don't seem to be better off. This maybe due to a conflict in features or
          configurations you are trying to achieve and for whatever reason this conflict
          was not discovered or possible before the upgrade.

          I don't have an answer to the problems you are experiencing, but I have
          some ideas that may point to what might be part of the cause.

          I'm guessing that you did not have a re-login problem because the session
          tokens (cookies) were persisted to the user's hard-drive.

          I think J2EE session requires that it use session tokens in a way that would
          cause the web browser to receive new session tokens if the web browser is
          opened via double clicking the browser icon on the desktop.
          This might be the reason why a new browser opened from the desktop requires
          a re-login?

          But before you look at anything that has transpired after the upgrade, it might
          be worthwile to first look at the problem you had before where other users
          are able to see someone's login info.

          I'm new to CF my self and i'm still reading Ben Forta's book but he has a great
          section in there about cookies/tokens and how CF manages sessions.

          Good luck!