Session variable not sticking

Forum|Forum|17 years ago
October 28, 2008
4 replies
700 views

I have a website that uses session variables once a user logs in.
If I access the website from w/in our network (company network hosting the website) the session variables work great. If I access the website from outside the company network (public computer) the session variables aren't sticking.
Once the user logs in to the site they get the "Thank You for logging in" screen but once returned to the home page the variables are gone....
Any thoughts on what to check? Crazy because the site work perfectly inside the network but doesn't on a public machine.
I will add this is https site but I don't see how that would make any difference because I use both https on and off the network.
Thanks for your help!

This topic has been closed for replies.

N

Newsgroup_User

Inspiring

Are you perchance flipping between the HTTP and HTTPS domains when you
go from the logout.cfm to the default.cfm pages? As I said before
cookies are an integral part of session state management. And cookies
are specific to a domain. And, if I understand correctly,
HTTP://mysite.com and HTTPS://mysite.com are considered two separate
domains. Thus I would expect they might get two different cookies.

M

MaryJo

Inspiring

quote:

Originally posted by: Newsgroup User
And, if I understand correctly,
HTTP://mysite.com and HTTPS://mysite.com are considered two separate
domains. Thus I would expect they might get two different cookies.

Actually, those should be treated as the same domain. However if you have something like http://www.domain.com and https://secure.domain.com those would not share cookies and the session would be lost unless maintained some other way.

S

sic4730Author

Inspiring

I still haven't figured this issue out.
This is driving me crazy.
The problem is slightly different (not sure why network admin said nothing changed).
Now if I access the https site from within our network everything works perfect no issues. However from outside the network you can log into our site (session variables are correct). When you click logout the logout,cfm page debbuing info shows session variables are gone. The logout.cfm page then redirects in 5 secs to default.cfm which now shows all the session variables again in the debuggin info. So I can't logout when I'm accessing the website outside our company network.
I'm using spry code would this have anything to do with it?
Also as a side note. We have Verisign logo on the default.cfm page. Inside the network that logo shows up. Outside the network the logo is gone. It doesn't even show an image box w/ an X like the image couldn't be found.
The site is hosted within the company 1 web server using IIS and ISA on another machine.

F

fober1

Inspiring

Hi,

If you are using multiple web-servers then a load-balancer can cause this issue.
Big companies also often have caching proxies in their network. In this case you may need to manage the session id in the URL:
<cflocation addtoken="Yes"...
and adding the session IDs to all links.

cheers,
fober

N

Newsgroup_User

Inspiring

The first thing to check with any system that is not maintaining session
state, is are they getting and accepting cookies.

Session state requires the cfid and cftoken cookies (or jsessionid
cookie if J2EE session management is used) to be received, accepted and
returned for the server to know which client belongs to which session.

You can sniff this out on both the client and|or the server to see what
these cookies are, and if they are changing with every request for a
given client.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded