"CFADMIN","There was an error while verifying the token. Either the session timed out or un-authenti

Question

Folks - I am truly stumped on this one and need help. I am training a new co-worker on our CF 9.0.2 EE environment and wanted to have him run some of our scheduled tasks. I had him log into the production website with the admin id and password (single password only using the 'generic' cfadmin id) without incident.

He navigated to the scheduled tasks without incident and clicked on the 'Run Scheduled Task' button, and up popped a message to log back into CF administrator. Never, never have I seen this happen before. I verified, and no one else was logged into the CF Administrator at the time.

The application log contained the following warning message: "CFADMIN","There was an error while verifying the token. Either the session timed out or un-authenticated access is suspected."

I've googled, Yahooed, and every other thing in between and can only fin references to CF10 and single account sessions. We verified again that he was the only on using the CF administrator. (I know this because I am the only other one that knows the admin password). We are both in the same administrative security group for the server (Windows 2003 R2) have the same security to the database - read-only (MS SQL Server 2005), but none of that should matter since we are going through IE and using the IWAM or IUSER permissions. Didn't seem to matter if Windows Integrated Authentication was check or not within IE options either.

I tried implementing separate user name and password security - but got the same error message.

Any ideas are most appreciated.

Libby

Libby_H · Accepted Answer

Charlie - thank you for your help. Although you have identified the true problem, unfortunately I still don't have a solution. But I kept in the back of my mind . . .

But just recently, I too was stricken with this same problem myself. As a last resort, I clean out all of my cookies and all of my temporary Internet files. This did the trick for me.

My shop runs the most vanilla of CF9 environments possible, single website instance, single MS SQL Server database, IIS 7 on a Windows 2008 R2 server. Absolutely no bells or whistles.

So again, thanks for taking the time to read my post and offer you thoughts and assistance. Without help from experts like you - well - I don't know where I would be.

Charlie Arehart · Answer

@Libby, as for your issue where you get an error in the Admin when doing certain operations, saying "There was an error accessing this page, check logs for more details.", there is indeed a workaround for that issue.

Basically, it's a duplicate cookie problem for the CF session cookie(s). There are in fact a few solutions to that, and I discuss the problem and those workarounds in a blog entry I just created:

'CF911: Solving problem in #ColdFusion Admin getting "error accessing this page" on certain actions'

http://www.carehart.org/blog/client/index.cfm/2014/4/10/CF_Admin_error_about_error_accessing_this_page

Hope that may help you or some readers here.

(Brian, as for your finding that it works fine but only on one browser, Safari, I wonder if it could be related to some of the points I share in the entry. For instance, if perhaps that browser hadn't been used to visit parts of your site the way other browsers had, and so it didn't experience this duplicate cookie problem, that could explain it. But if you may confirm that's not the case, and that either Safari does show having the duplicates (and CF doesn't care) or you visit all the same pages as with other browsers and just never get the duplicates, it could indicate that Safari does something different to keep it getting the duplicates. But either way, for those with the problem, the duplicate cookies seem to be the problem, and removing them seems to be the solution.)

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded