December 9, 2009
Question

session variables being lost in IE7


Has anyone else experienced, heard of, or solved this issue?

I have a web app that's been running fine for 5+ years and using session variables (I'm currently using CF8).

When a user goes from page to page the session is carried with them so I know their login info. However, recently some users (and not all) have complained that after logging in fine (meaning the session variables are created) they go to another page off of the main one only to get a timeout issue. I've compared everything from IE settings to server settings, etc. but found no differences. It's like once they navigate to another page in the app the sessions are not carried to the next page.

My timeout code is written so that if the session variables that are created at login are not present the message will show.

Some users had to revert back to IE6 and it worked fine. Is there something they did wrong with their IE update or is there some sort of server hot fix for this?

Hope someone can help... I'm baffled.

    December 9, 2009

    Could this be a reason?..

    http://www.jensbits.com/2009/07/29/coldfusion-dropping-losing-or-resetting-session-variables-and-cfidcftoken/

    December 9, 2009

    That forum you posted is definitely my issue! However it still is unresolved and the users have yet to pinpoint the cause (just like me). I too firmly believe it's due to an IE7 upgrade b/c that is when this happens.

    I've checked out the user cookies. I used this script and put it on my server and had the user try it:

    http://www.bennadel.com/blog/730-Testing-ColdFusion-Session-Cookie-Acceptance.htm

    The cookies are passing over to the next pages fine (this script showed a success on the user machines). But yet the sessions are lost in my app. The CFID and CFTOKEN are changing when the user clicks to go to another page after login.

    In fact I have the CF8 server monitor up and running and when someone logs in I can see their session info under the MEMORY USAGE --> Sessions by memory usage.

    I'm finding that users with this issue can log in fine but the session never gets registered with the server?!? Their CFID and CFTOKEN are not showing as an active session and when they click to another page their CFID is always different than their original?

    Any thoughts?

    ilssac
    December 9, 2009

    BosDog wrote:

    Any thoughts?

    Do you have the capability to explore the user end of this?  It would be very helpful if one could watch the cookies from the client end as well as the server end.  Maybe they are not accepting cookies because of some enhanced IE7 security setting, or maybe they are somehow using old or bad cookies or something.

    ilssac
    December 9, 2009

    Have you investigated these users' cookies?

    There is an often overlooked correlation between ColdFusion session variables and cookies.  In order for ColdFusion to know what request goes with what session data it creates two cookies, CFID and CFTOKEN by default, or one cookie JSESSIONID if that option is configured in the Administrator.

    If anything on the user's client system or anything in between prevents these cookies from being accepted or passed back with future requests, ColdFusion will not know this user belongs to an existing session and set up a new one for them.  Besides browser settings, security and antivirus software, firewalls and proxy servers can cause this type of problem, but in your case it sounds like a browser issue.

    A great way to diagnose this is to look at the http headers these users are getting in IE and see if they are getting new cookie values with every request.

    You can also check this on the server side by logging or displaying the CFID and CFTOKEN or JSESSIONID values.
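The server-side check suggested in the reply above, sketched as an added example that is not part of the thread: it reads a log of the CFID each request sent and the CFID the server used, and separates clients whose browser never returns the cookie from clients whose cookie comes back but is not matched to the existing session. The log format, addresses and function names are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample log (format assumed for this example). Fields per line:
#   client  page  CFID sent in the Cookie header ("-" = none)  CFID of the session used
# Only CFID is logged; CFTOKEN is left out so the log never holds a full session identifier.
SAMPLE_LOG = """\
10.0.0.5 /login.cfm - 1001
10.0.0.5 /main.cfm 1001 1001
10.0.0.5 /report.cfm 1001 1001
10.0.0.7 /login.cfm - 2001
10.0.0.7 /main.cfm - 2002
10.0.0.7 /report.cfm - 2003
10.0.0.9 /login.cfm - 3001
10.0.0.9 /main.cfm 3001 3002
"""

def parse(log_text):
    """Group (page, sent, used) tuples by client, preserving request order."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        client, page, sent, used = parts
        by_client[client].append((page, sent, used))
    return by_client

def classify(requests):
    """Return 'ok', 'cookie_not_returned' or 'cookie_not_honoured' for one client."""
    prev_used = None
    for _page, sent, used in requests:
        if prev_used is not None:
            if sent != prev_used:
                # Browser, proxy or security software dropped or changed the cookie.
                return "cookie_not_returned"
            if used != sent:
                # Cookie came back intact, yet the server started a new session.
                return "cookie_not_honoured"
        prev_used = used
    return "ok"

def diagnose(log_text):
    """Map each client to its verdict."""
    return {client: classify(reqs) for client, reqs in parse(log_text).items()}

if __name__ == "__main__":
    for client, verdict in diagnose(SAMPLE_LOG).items():
        print(client, verdict)
```

A `cookie_not_returned` verdict points at the client side or something in between; `cookie_not_honoured` points back at the server, for example a session that expired or was never registered.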