A

Anonymous

Question

CFID and CFTOKEN changes from page to page

Forum|Forum|15 years ago
September 21, 2010
5 replies
9427 views

We have a closed network running CF 8.0.0.176276 version. My issue is with session variables cfid and cftoken. As I am navigating around the site the cfid and cftoken and always changing which sucks for tracking actually logged in website admins. We have the same exact code on another network but it is running CF 8.0.1.195765 and it works great. If I pass say cfid and cftoken in the url everything works.

I have opened server monitor and viewed the number of active session to IP addresses and we have only about 7 users but those 7 users together created close to 700 active sessions. Any help is great, I've Googled this issue and tried workarounds but if no one experienced this issue I guess I can patch it to match our other server.

I have made a simple version of this issue with a single cfapplication tag with all the required fields in a application.cfm and a single index.cfm file with one link to itself and a cfdump of session structure all in a new folder. When I click the link the cfdump of session shows a new cfid and cftoken value each and every single time... Thanks.

This topic has been closed for replies.

ecobb

Inspiring

If "Use J2EE session variables" is checked in the CF Admin, I believe you'll get a new CFIDE and CFTOKEN on every request.

ecobb

Inspiring

Yeah, according to the CF 9 LiveDocs (http://bit.ly/cKprqn):

"If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLTokenjsessionid= followed by the J2EE session ID."

It also states that CFIDE and CFTOKEN are use in "ColdFusion session management only" (and not J2EE session management)

This may not be your problem, but I thought I'd throw it out there to help troubleshoot.

F

FSUKXAZ

Known Participant

Hi all, I work with Kevin. I had the server guys update Coldfusion to the 8.0.1 and all the patches. Still didn't work. I put in a ticket to have the crappy IE8 browser rolled back to IE7. Today they came and completed that IE8 is gone. We're running IE7 now. We're using same code as on other network. All the settings in CFADMIN match perfectly. So what gives? Session variables still don't persist from page to page. The thing Kevin and I see is the CFID and CFTOKEN changing.

Todd

ilssac

Inspiring

Also realize that the Browser and it's settings can affect the generation of CFID and CFTOKEN values.

These values are, usually, set as cookie values. IF the browser, or anything between the browser and the server (virus|malware interceptors, proxy servers, etc) prevent these cookies from being saved and returned to the server with future requests, the server will generate a new set of values and return them to the client.

When diagnosing this type of difficulty one must follow the requests completely from one end of the conversation to the other... application server all the way to the client browser and back.

A

Anonymous

Since this works on 8.0.1 version I am just going to patch the server. I want to believe this is a bug in the 8.0 version and was answered with the released patch. Thanks for all the inputs!

josh_adams1

Participating Frequently

This is an interesting issue--has it afflicted you always or just recently? Given that this is ColdFusion 8.0 and the installer for ColdFusion 8.0.1 has been the only ColdFusion 8 installer available for about 2.5 years, I'm guessing this just cropped up. So if that's true, what changed?

Regardless, though I don't know if it will help this issue, we do very much encourage all ColdFusion 8.0 users to...upgrade to ColdFusion 9.0.1! Well, okay, if you're not going to do that, we encourage you to update to ColdFusion 8.0.1 as you have on your other server. And while you're at it, check out the ColdFusion 8 security bulletins at http://www.adobe.com/support/security/#coldfusion--these are critical!

A

Anonymous

We just copied over code from the other server since we are updating to a new design and this design has a admin area which admins log into. That is when we found out about this weird issue. We are getting CF9 but maybe in the meantime I will talk to our server admins to get it patched 8.0.1 and see what results I get. Thanks Josh!

M

Mike Chabot

Inspiring

It sounds like cookies are not being saved. It could be that a

firewall is stripping them out. The first thing to try would be a

different Web browser to see if the problem remains. If the problem

goes away then it is likely an issue with one of the browser settings.

Another easy thing to check would be the session settings in CFAdmin.

Maybe the timeout is too low.

For more complex troubleshooting, I would run a tool like Live HTTP

Headers or Fiddler to inspect the raw HTTP traffic and make sure the

cookie values are being sent back and forth.

-Mike Chabot

A

Anonymous

The cookies between the two servers are different. The one that works has more session information such as HasSessionScope true while the one that doesn't work has just cfid and cftoken defined. The CFAdmin session timeout is default to 20 mins and havn't touched it since installation. Thanks Mike!

Owainnorth

Inspiring

It's not entirely clear whether this is sorted or not, but in case it's not or for future reference, I had this issue the other week. Turned out that Client Management in CFAdmin was still set to Registry, and the user CF was running as did not have access to the Registry, hence every page hit got a new ID.

Changed it to use a database for Cfclientstore, job done.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded