Skip to main content
A
Anonymous
October 15, 2012
Question

CFTOKEN PROBLEM IN CF10

  • October 15, 2012
  • 3 replies
  • 7500 views

Hi,Irecently installed Coldfusion 10.When i login from first browser it logs me in and when i try to login from another browser it is throwing me out that there is active session which doesnt happen in CF9.I noticed that CFTOKEN is not genearating new token when i try login from second browser.Any Help would be appreciated.

    This topic has been closed for replies.

    3 replies

    BKBK
    BKBK
    Braniac
    October 16, 2012

    @Mucharla,

    Go back to the bug report, and scroll down to the post by Hemant Khandelwal. He gives a workaround, involving the Java flag

    -Dcoldfusion.session.protectfixation=false

    A
    Anonymous
    October 16, 2012

    Hi BKBK,

    can you please let me know where exactly bug report means.

    regards

    raja.

    A
    Anonymous
    October 18, 2012

    Wait... what?

    Are these two browsers on the same computer? If they are then that is not two browsers, that is one browser. You cannot open two instances of IE on the same machine and expect them to maintain different sessions.

    If that is what you are doing then when you "delete the cookies in the second browser" you are also deleting the cookies in the first.

    When you were doing this in CF9, what version were you using?  Did you have any of the security hotfixes installed?

    Of course CF10 allows multiple browser sessions, but to do that you have to actually use multiple browsers, not the same browser twice.

    jason


    In CF9 when i use two IE browsers on same machine it allowed me to login into two browsers,but CF10 doesnt allow me.

    this is what my problem.

    A
    Adam Cameron.
    Inspiring
    October 15, 2012

    Yes, this is a new (and somewhat hamfisted/misguided in its implementation) "feature" of CF10.  I think it only comes into play if you select the "secure profile" option when installing though?  I dunno how to switch it off.

    I recommend voting to get this reverted back to the default behaviour of CF prior to CF10, and the new feature made optional.

    Details here:

    https://bugbase.adobe.com/index.cfm?event=bug&id=3339008

    --

    Adam

    A
    Anonymous
    October 15, 2012

    hi Adam Cameron.,

    can you give any quick solution for this as this needs to tide up soon.

    regards

    raja.

    A
    Adam Cameron.
    Inspiring
    October 15, 2012

    Yes, the solution was to not install the secure profile in the first place.  As to solve it after the fact: I have no idea.  I've never had to deal with it.

    If you're in a hurry, you should be soliciting paid-for support from a consultant, not asking questions on a community-based forum.

    --

    Adam

    C
    carl type3
    Braniac
    October 15, 2012

    CF10 lets only one cfide/administrator at a time.
    See section - There are however some behavioral changes:
    http://www.adobe.com/devnet/coldfusion/articles/security-improvements.html

    HTH, Carl.

    A
    Anonymous
    October 15, 2012

    hi carl,

    Can you breif me about the possibility of logging into two different browsers with out duplicating the cftoken .

    Can we login to two browsers in CF10?

    C
    carl type3
    Braniac
    October 15, 2012

    Hi Raja, CFadmin by design in CF10 only allows 1 admin login at a time. I guess you could add multiple users. EG

    HTH, Carl.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices