Coldfusion 10 changing cftoken and cfid on every call when load balanced

Question

I seem to be having the issue described here

https://bugbase.adobe.com/index.cfm?event=bug&id=3572565

I have a Coldfusion 10 server.

It maintains sessions (via cookie) just fine UNTIL I load balance it with another CF 10 server.

When I do that, the cftoken and cfid cookies change on every hit to the web server.

Since the user login information is tied to the cftoken and cfid (stored in a database somewhere) the user will be logged out if these change.

The exact same production code works fine with two load balanced CF 8 servers.

my cfapplication looks like this:

<cfapplication name="Pappy"

sessionmanagement="Yes"

clientmanagement="Yes"

setDomainCookies = "Yes"

sessiontimeout="#CreateTimeSpan( 0, 8, 0, 0 )#"

>

if it matters client variables are stored in an sql server instance and are being stored just fine.

The bug is marked fixed in:

Bug#3593673 - Domain attribute of cfcookie is always trimmed to .domain.tld

I am on 10,0,13,287689 and this bug was fixed in 286333 according to the bug reference above.

TIA,

Don

Anonymous · Answer

I should also add that I am using a sub-domain ...

test.<myhostname>.com

I have not tried it without a sub-domain.

I did try with an ip address instead of sub-domain.

i get the same result ... the cfid and cftoken change when a different server behind the load balancer gets the request. its acting like domain cookies are turned off, but as you can see in my cfapplication they are on.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded