Copy link to clipboard
Copied
Recently our team decided to implement a secure session management. It is very similar to the guidelines mentioned in the article.
Session Management Guide CFML Documentation (cfdocs.org)
However, the hash stored in the cookie is not immediately updated. ie when CF reads from the cookie to verify it, it still holds the old value and logs the user out. It doesn't happen often but randomly. Especially when we there's multiple user actions in quick succession. Has any one implemented a solution similar to this? The code has been made thread safe by encapsulating in cflock block. Please advice.
Copy link to clipboard
Copied
However, the hash stored in the cookie is not immediately updated. ie when CF reads from the cookie to verify it, it still holds the old value and logs the user out. It doesn't happen often but randomly. Especially when we there's multiple user actions in quick succession. Has any one implemented a solution similar to this?
By @Ann Sam
I would guess that that is an isuue familiar to anyone who has developed an application relying heavily on cookies and sessions. Some common causes of the issue are: