Session variables missing

Another point of interest is that Sessions are maintained if I access the sites from the box they are hosted on.

BKBK,

It is the the same result.
The cookies are set on the users machine but the session is not maintained between pages.

To further clarify 'between pages'... the session is maintained when the user clicks hyperlinks... its only when the user submits a form that a new session is created.

thanks,
Adrian

Also we have a valid p3p policy attached to all sites.

Howdy,

I have the same problem and I am at wits end.
I have upgraded 5 servers in the passed 3 months from cfmx 6.x to 7.0.2

For 3 of the upgrades we now experience this problem. The other 2 are fine.
All worked under 6.x without this issue and the cfmx upgrade is all that has happened.

All servers run windows 2003 sp1 and IIS 6.0.
All servers have an identical multiserver cf configuration running on jrun.

Monitoring the http traffic..... IE 6 + 7 accept and send the correct cookie info with each request.
and on the server side watching the traffic with ethereal the correct cookie info is received.

it just seems to be ignored by cf.

Everything works fine when using firefox.

Any help would be greatly appreciated.

thanks,
Adrian

Take a look in the status bar of your browser when you are on one of your pages that is losing state. If IE is rejecting cookies due to a security or P3P issue, there should be a little icon near the zone indicator (i.e. a globe and the word "Internet") that looks like an eye. If you click on that icon you will receive more information about what is going on.

We've had problems with this (espcially in IE) if there is no P3P privacy policy set on the server. This is a custom HTTP header that browsers can use to determine the privacy policy associated with the website host. The only clues to this being the problem are:
1) Cookies don't last longer than 1 page
and
2) IE displays a weird little icon at the bottom of the browser and the message says something about cookies being blocked.

If you are interested in finding out more, google's got a ton of entries on P3P privacy policies as well as some free P3P privacy policy text generators.

Then the apparent problem IS with cookies. Try setting a cookie and then reading it. Something simple like just saying "hello world". If you can manually (programmatically) set and retrieve a cookie then you can move onto other possible problems.

Yes it works fine when I use #session.urltoken# in the url but this is not an ideal solution....

I know you've checked for cookies but are you able to set up a test and pass the CFToken and CFID in the URL to see if that has an impact?

Also, the cfid and cftoken values change with each browser request.

I really need a solution to this problem and would appreciate any help.

------------

The first impression I have reading your symptoms is the browser has
cookies turned off. Thus the cfid and cftoken cookies are not
persisting. Without these, CF then creates new sessions with new cfid
and cftoken cookies every request.

If you have a requirement to support browsers without cookies, you can
pass the cfid and cftoken values through the URL. This has various
issues and requirements but is well discussed in the documentation.