Coldfusion 10 changing cftoken and cfid on every call when load balanced

Report · Jun 10, 2014

I seem to be having the issue described here

https://bugbase.adobe.com/index.cfm?event=bug&id=3572565

I have a Coldfusion 10 server.

It maintains sessions (via cookie) just fine UNTIL I load balance it with another CF 10 server.

When I do that, the cftoken and cfid cookies change on every hit to the web server.

Since the user login information is tied to the cftoken and cfid (stored in a database somewhere) the user will be logged out if these change.

The exact same production code works fine with two load balanced CF 8 servers.

my cfapplication looks like this:

<cfapplication name="Pappy"

sessionmanagement="Yes"

clientmanagement="Yes"

setDomainCookies = "Yes"

sessiontimeout="#CreateTimeSpan( 0, 8, 0, 0 )#"

>

if it matters client variables are stored in an sql server instance and are being stored just fine.

The bug is marked fixed in:

Bug#3593673 - Domain attribute of cfcookie is always trimmed to .domain.tld

I am on 10,0,13,287689 and this bug was fixed in 286333 according to the bug reference above.

TIA,

Don

Report · Jun 10, 2014

I should also add that I am using a sub-domain ...

test.<myhostname>.com

I have not tried it without a sub-domain.

I did try with an ip address instead of sub-domain.

i get the same result ... the cfid and cftoken change when a different server behind the load balancer gets the request. its acting like domain cookies are turned off, but as you can see in my cfapplication they are on.

Report · Jun 10, 2014

What if you delete the main website's CFID and CFTOKEN first

HTH

Thanks

VJ