Known Participant

Question

Session Variables Not Sticking

Forum|Forum|13 years ago
June 13, 2012
6 replies
8813 views

We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.

It's not a code issue because we have the same code on 2 other networks and it works fine. We also have the same code on our backup website on the same network and it works fine. The backup is on a different server in a different location. So that's 3 networks the code is running fine on. It even worked on this network on the main website up until about 9 months ago. I've verified/reverified the code mutiple times. Something must have happened with security patches, some IIS setting, or other server related issue. We are running 2003 Windows Server Edition SP2 and Coldfusion version 8,0,1,195765.

The browsers used are IE7 and IE8. I don't think it's a browser issue because I can open another tab in the same browser and login and stay logged in on the website on another network. We have already gone into browser advanced settings to make sure session variables are allowed. We've also had a couple of other admins look at it from various locations throughout the Country and they also cannot stay logged in on our main site. They can all stay logged in on the backup site.

Frustrating beyond belief. I'm betting it's a Microsoft issue. Anybody out there have a similar issue or know what it might be?

This topic has been closed for replies.

P

PerezG99

Participant

Have you tested with compatibility view turned on/off?

A

Anonymous

How was this issue fixed. I am having the same problem.

A

Aquitaine

Inspiring

It's leftover connectors from CF8. Check the IIS ISAPI connectors and you'll see CF8 still in there. Remove those and you should be fine.

BKBK

Community Expert

FSUKXAZ wrote:
I'm betting it's a Microsoft issue

Could IIS be performing some redirection?

S

Steve Sommers

Legend

I've experienced a similar problem with CF8 using IE8. I've narrowed it down to being cookie related which causes CF to loose the existing session and create a new session. For me, I can consistently duplicate the issue by having multiple tabs open to various sites and then accessing my site to login -- login is successful but the first page request is treated as unauthorized because the session is empty. If I shutdown and restart the browser and bring up only my site, everything works fine. And once I'm logged in, I have never lost a session by opening other tabs. And this has never failed using Firefox or Safari. What is very strange is that I have multiple sites using CF8 and CF9 and only one exibits this behaviour.

F

FSUKXAZAuthor

Known Participant

The issue exists whether I have just the one tab open or multiple tabs. Closing the browser, clearing the cache, and punching the monitor also haven't worked. Still have the same problem. I work in a government/military environment and only IE browsers are allowed.

S

Steve Sommers

Legend

I normally debug issues like this using Firebug with Firefox, thus why I have not spent any time looking further into the issue. I'm sure there is something similar to Firebug for IE out there. If someone determines the issue, I would love to hear what it is/was.

W

wcx08

Known Participant

I've been having a similar issue as well. It started happening after I installed a security hotfix for ColdFuson 9.0. The only browsers it seems to happen on are IE7, IE8, and sometimes IE9. I've read others having the same problems, only with IE browsers. Nothing in our code has changed, yet the sessions seem to get reset or don't occurr at all. This is code that has been working for about ten years now, suddenly broken. I'm not sure if it's an update for IE that Microsoft has made with the way it handles sessions? I'm in the process of reinstalling our ColdFusion instance in hopes to fix this problem.

F

FSUKXAZAuthor

Known Participant

Thanks. Sounds exactly like what I'm dealing with. Let me know what happens.

BKBK

Community Expert

FSUKXAZ wrote:
We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.

What drops? I'm not trying to be funny. That is your crucial point, yet I really don't understand what you mean. Is it possible to navigate between pages, but without login (for example, getAuthUser() returns a blank string)?

F

FSUKXAZAuthor

Known Participant

The session variables (all 5 that I set) drop. So when you go to the next page they are no longer there. That's fine if it's not an admin page that requires logging in. Yes, you can navigate between pages. However, all the admin pages require login (where session variables are set) so the pages get the error routine which kicks them back out to the login screen telling them that they have to be logged in to view that page. Basically, something changed outside of my realm as a programmer. That change made the code stop working. I want to find out what that change may be... so I can tell the server or network people what it is so that they can fix it.

A

Aquitaine

Inspiring

Dump your session on each page. Is the JSESSIONID changing between every page?

If so, it sounds like a similar issue we had upgrading from CF8 to CF10 where some CF8 handlers got left in IIS and it would kill the session any time you navigated to a directory rather than a file, e.g. admin/ and not admin/index.cfm.

We didn't discover that part until after we'd already just deleted the site in IIS and re-added it, which also solved the problem.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded