November 23, 2008
Question

problem with sessions

Have been using ColdFusion 5.0 for years, and all has been OK. Recently started using CF MX7 and CF 8. Now maybe I'm being stupid, but this problem seems to be happening on any version of CF above 5.0. Basically, keeping the same CF5 code, after migrating to MX7 or CF 8, session information randomly appears on the wrong client machine, which is obviously a security risk. For example, I might be logged in as kamal, then suddenly I would get the session information for Greg or some other person. Can anybody help me with this? Should I be using some sort of unique cftoken session variable?

Using MX7 on W2K3 with SQL Server 2008

Example code for getting login information


<cfquery name="check_login" datasource="#Application.StoreDSN#">
SELECT uid, studentid from student_info
WHERE (studentid =#session.id#) AND (uid ='#trim(session.uid)#')
</cfquery>

2 replies

December 1, 2008
How many server machines are you running this on?

Are you running thru a proxy server and/or load balancer?
davidsimms
November 24, 2008
I'm not sure if this will fix your problem, but you're supposed to lock all activity involving session variables like so:

<cflock timeout="10" scope="session" type="exclusive">
<cfset VARIABLES.id = SESSION.id>
<cfset VARIABLES.uid = SESSION.uid>
</cflock>

<cfquery name="check_login" datasource="#Application.StoreDSN#">
SELECT uid, studentid from student_info
WHERE studentid = #VARIABLES.id#
AND uid = '#trim(VARIABLES.uid)#'
</cfquery>