"From what we've found, the CFID, CFTOKEN, and JSESSIONID are all still valid cookies on the user side." - on the users having the issue and not just local been working users? just checking
and have you tried just putting them in the url string for all your links. been awhile since I had to think about that, but if im not mistaken, that should avoid cookie problems all together. ~Terry -----Original Message----- From: Jason Dunaway [mailto:[EMAIL PROTECTED] Sent: Thursday, April 05, 2007 7:41 To: CF-Talk Subject: Session timeout problems Hi all, I'm having trouble with sessions timing out randomly. I have 2 days to get a fix together for this problem so any help is greatly appreciated. Here are the specifics: The website in question is heavily based upon user information. We designed a "user" component that is loaded in the session scope when the user logs in. This component contains all of the user's information as well as methods dealing with the user's information. In the site's main application.cfm, we are checking to verity that "session.userdata" is defined in order to access any page. If that variable is not defined, then we direct the user to a "session timeout" page that requires them to log back in. Our goal is to have the session timeout be set at 2 hours. We've made sure that, on the coldfusion server admin end, everything is setup to 2hrs. In the application.cfm page, we're setting the application up like this: <cfapplication name="test" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,2,0,0)#" setclientcookies="yes"> OK, so in theory this should be fine. Well, not so much. Most (like 90% or more) of our users DO NOT have any issues. They stay logged in for the 2 hours without any problems. In fact, we are unable to duplicate the problem but have confirmed that it's happening with some users. Every time the view a page the timer is reset and all is well. Well for quite a few users we are seeing that their sessions are timed out randomly, ranging from 3 minutes all the way to 117 minutes! It is very strange. The site is on a cluster (2 servers), so we assumed that the "sticky" is not working correctly. Proxy server stuff also has been considered. We've taken all of the steps necessary to eliminate both possibilities.....we're now running on 1 server and making sure that no pages are cached by remote proxies. I've been researching how coldfusion manages sessions. We are gathering as much data as we can when the timeout occurs. From what we've found, the CFID, CFTOKEN, and JSESSIONID are all still valid cookies on the user side. For whatever reason the session scope variables are being wiped out randomly. There has been no pattern to this, it's completely random and the data collected is not pointing in any one direction. If you have any advice, please respond. I've spent a lot of time recently trying to chase down this problem and I'm getting very annoyed by it. I would sincerely appreciate any input. We are using CFMX 6.1. Any questions about what I've posted please let me know and I'll do my best to answer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274573 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4