Folks - I am truly stumped on this one and need help. I am training a new co-worker on our CF 9.0.2 EE environment and wanted to have him run some of our scheduled tasks. I had him log into the production website with the admin id and password (single password only using the 'generic' cfadmin id) without incident.
He navigated to the scheduled tasks without incident and clicked on the 'Run Scheduled Task' button, and up popped a message to log back into CF administrator. Never, never have I seen this happen before. I verified, and no one else was logged into the CF Administrator at the time.
The application log contained the following warning message: "CFADMIN","There was an error while verifying the token. Either the session timed out or un-authenticated access is suspected."
I've googled, Yahooed, and every other thing in between and can only fin references to CF10 and single account sessions. We verified again that he was the only on using the CF administrator. (I know this because I am the only other one that knows the admin password). We are both in the same administrative security group for the server (Windows 2003 R2) have the same security to the database - read-only (MS SQL Server 2005), but none of that should matter since we are going through IE and using the IWAM or IUSER permissions. Didn't seem to matter if Windows Integrated Authentication was check or not within IE options either.
I tried implementing separate user name and password security - but got the same error message.
Any ideas are most appreciated.
We had this behavior start happening to us when we enabled secure httponly session cookies on 9.0.1 EE. To finally get it solved, we access the admin over https (not http), and now use a FQDN in the host header in IIS for the cfadmin site.
I am having this exact same problem on CF 9.0.2 Standard. It runs on Windows Server 2008 standard. When I connect to the CF admin with the IP address (http://xxx.xxx.xxx.xxx/cfide/administrator), it works perfectly well. When I try and connect with a dns entry (http://host.domain.com/cfide/administrator) I get this error. I've exhausted what I know to look at with this issue. I'd rather not access the CF Admin via the IP address and setup a dedicated site for it in IIS that I can further password protect. I should also note that it works fine if I am RDPed into this server and use http://localhost/cfide/administrator
Any ideas on what I can look at here?
Back to my original post - the problem was happening with ONLY ONE person. I figure it had something to do with how the person's id was set up on the network (i.e. this person was a contract on-shore/off-shore worker) that didn't have access to all of the available resources necessary for him to work in the environment. I was unable to get network to re-work his setup/id, and then he was contact was not renewed on June, so it became a moot issue.
I know this doesn't solve or answer the issue that you are having, but I figured that I should at least complete my issue.
More detail on my problem here.
If I use Safari to access the admin via the DNS hostname, it works perfectly well. When I use ANY other web browser with the hostname I get the error.
So to sum up, if I access the administrator with the IP in any browser it works. If I access with the hostname in Safari it works. If I access it with any web browser other than Safari with the hostname, I can login fine. But as soon as I try to modify any settings (as simple as adding my IP address to the debugging list) I get this error in the browser:
There was an error accessing this page. Check logs for more details
And this error in the logs:
There was an error while verifying the token. Either the session timed out or un-authenticated access is suspected.
So the question becomes why does it work in Safari with the hostname, but not in any other browser (IE 10, Chrome, Firefox)?
@Libby, as for your issue where you get an error in the Admin when doing certain operations, saying "There was an error accessing this page, check logs for more details.", there is indeed a workaround for that issue.
Basically, it's a duplicate cookie problem for the CF session cookie(s). There are in fact a few solutions to that, and I discuss the problem and those workarounds in a blog entry I just created:
'CF911: Solving problem in #ColdFusion Admin getting "error accessing this page" on certain actions'
Hope that may help you or some readers here.
(Brian, as for your finding that it works fine but only on one browser, Safari, I wonder if it could be related to some of the points I share in the entry. For instance, if perhaps that browser hadn't been used to visit parts of your site the way other browsers had, and so it didn't experience this duplicate cookie problem, that could explain it. But if you may confirm that's not the case, and that either Safari does show having the duplicates (and CF doesn't care) or you visit all the same pages as with other browsers and just never get the duplicates, it could indicate that Safari does something different to keep it getting the duplicates. But either way, for those with the problem, the duplicate cookies seem to be the problem, and removing them seems to be the solution.)
Charlie - thank you for your help. Although you have identified the true problem, unfortunately I still don't have a solution. But I kept in the back of my mind . . .
But just recently, I too was stricken with this same problem myself. As a last resort, I clean out all of my cookies and all of my temporary Internet files. This did the trick for me.
My shop runs the most vanilla of CF9 environments possible, single website instance, single MS SQL Server database, IIS 7 on a Windows 2008 R2 server. Absolutely no bells or whistles.
So again, thanks for taking the time to read my post and offer you thoughts and assistance. Without help from experts like you - well - I don't know where I would be.