Sessions expire within a certain amount of time, which in general is 20 minutes. So clicking through by using a cached google page should not trigger that session, since it's data has already expired.
I would advice you to try enabling "single threaded sessions" in the CF Administrator. See if this helps solving your issues. If it does, you know the problem is in locking the variables. Micha Schopman Software Engineer Modern Media, Databankweg 12 M, 3821 AL Amersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- Modern Media, Making You Interact Smarter. Onze oplossingen verbeteren de interactie met uw doelgroep. Wilt u meer omzet, lagere kosten of een beter service niveau? Voor meer informatie zie www.modernmedia.nl ------------------------------------------------------------------------ ------------------------------------------------------------------------ ----- -----Original Message----- From: Ian Buzer [mailto:[EMAIL PROTECTED] Sent: woensdag 26 januari 2005 8:31 To: CF-Talk Subject: Re: Sessions being show to wrong users? I'd back up Martin's theory of it being search engines indexing the site with the CFID/CFTOKEN in the URL. If two people follow that link within the session time out they will share the session. I now only use CFID/CFTOKEN in the URL from behind a log in page, or after someone has added an item to the basket etc ... all things a search engine can't do. It's always occurred to me that this is a massive security hole in the way that ColdFusion manages sessions. Having said that, most application servers use a similar method of maintaining session when cookies are not enabled. Ian >What is the URL that these people are coming in on ? Meaning, has Google >cached one of your pages which has mypage.cfm?CFID=xxx&cftoken=xxx in >the URL. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:191761 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54