CFMX7 and session cookies- broken/different?

Howdy,

It is a dedicated server- this is the only site on it.

The frequency of the problem appears to be related to the number of sessions- when traffic is high, it happens a lot, and when it is low it happens less often, but it still happens. That is, the percentage of sessions at any one time that appear to have this issue seems to be relatively constant.

I've monitored memory usage using top- the server is not swapping, and there still seems to be RAM available (about 20% free). I'm not seeing any error messages or restarts in the CF logs- I don't know about JRun or anything Java-related, since I admit I know very little about that- even where any log files for Java or Jrun might be.

Session timeouts are handled differently depending on where you are on the site- most of the site we do nothing, but if you are in the middle of checking out we catch this and direct to an error/restart checkout page.

Judging from the Apache logs and repeated attempts to get a cart (based on their CFTOKEN), I doubt it is a timeout issue, since they should be able to get a cart and hang onto it the second time round. If I chek the logs, interwoven with these problem sessions I see other accesses from other IP ddresses where folks seem to have no problem buying things from the site. So it's not like suddenly no one can buy anything.

Unfortunately we have not been able to reproduce the issue. The only way I seem to get my browser to act the same way is to reject cookies, or set to prompt and then reject them. But that doesn't jive with the email from users passed on to us from our client- the emails all claim they've ordered off the web before, and that they have not adjusted their browser policies. On our systems if we set IE to the default cookie acceptance policy, everything is fine. I've also tried from home, and several of our other developers have tried also, with no one observing this behavior.

We have a site set up similarly running on 6.1 with no problem; we have a shared (Windows) server running MX 7 with none of our clients on that box reporting problems (though the volume on that box is fairly low compared to this one).

We've also observed that some of the users who apprarently run into this the first time they try to buy something (and get diverted to a page asking them to check their cookies) , are subsequently able to buy something and check out successfully (same IP address, and access within a minute or so of the first attempt). Others are not successful- we'll see several attempts within a minute all getting diverted to the cookie page, all from the same IP address, but with a steadily incrementing CFID (the first one might have a CFID of, say, 20000, the next 20001, the next, 20003, then 20004, etc.).
Plus, of course, emails passed on to us by the client from folks who claim to have bought items before and don't understand how to, or do not want to, relax their cookie acceptance policies.

Is there someway to monitor JRun that might tell us something?

Howdy,

Thanks for responding.

The site uses the CFTOKEN as part of the shopping cart data. Switching to UUID would require a signifcant rewrite because the field length is much larger.

Yes we are locking.

Switching to J2EE sessions just means a different cookie, correct? Are the CFID and CFTOKEN variables still passed as cookies in this instance? If not, then we're still looking at a code rewrite for the shopping cart pieces of the site. That's something I'd rather not undertake unless I understand better why the problem is happening now, on MX7, when it does not seem to have been happening before, and therefore have greater assurance that making the changes will fix the problem.

Thanks again for taking the time to respond.