lol " I still have colleagues who use sessions and occasionally I hear them complaining about a client timing out and loosing all their form data or edit session. Timeouts to a customer is one of the most frustrating things to deal with and it gives them a real good reason to leave."
Just deployed an app using a provider that forces session timeouts at 20mins on the server. On my machine I have the this set at 2 hrs. So there was a problem. I couldnÂt get them to change the server so I ended up creating a javascript/refresh frame to determine their connection. So when the script determines the frame did not refresh properly it alerts the user that their connection to the server was interrupted. This also touches the session which keeps the session state active until they close their browser no matter the settings on the server. Just thought it was funny you mentioned that. -----Original Message----- From: Vince Collins (NHJobs.com) [mailto:[EMAIL PROTECTED] Sent: Thursday, April 05, 2007 9:40 To: CF-Talk Subject: Re: Session timeout problems I'm sorry Jason that I can't solve your problem but I'd suggest you look into increasing your server memory possibly as well as looking at your CF Administrator settings. Also verify that you are locking the call to the session with cflock. I try to do this only once in the application.cfm file so there aren't multiple cflocks on every page that you reference it. Best of luck! I don't use sessions anymore... I had similar problems with sessions back in CF5.0 I figured it was either a server memory issue or a client proxy or browser brand/version issue. I decided to stick with session-level cookies and have never looked back since . They seem to always work. I set cookies with no timeout so they expire when they close their browser. I understand that sometimes for maybe security reasons you want to time them out in theory but is it really that much more secure? Two hour timeouts would mean that they can leave for lunch and come back and continue which kind of defeats the purpose of having a timeout to begin with doesn't it? Half-hour is better but still not something I'd consider secure. I might employ sessions on a banking application but I wouldn't like doing it because of my historical experience with sessions to date. I'd be interested in hearing other opinions on when is the best time to use a session versus a session-level cookie. I still have colleagues who use sessions and occasionally I hear them complaining about a client timing out and loosing all their form data or edit session. Timeouts to a customer is one of the most frustrating things to deal with and it gives them a real good reason to leave. Also, if you have never had problems with unexplainable session timeouts in your applications please chime in. I might have more faith in them! :) Vince Jason Dunaway wrote: > Terry, > > Yes, the users who are timing out still have valid cookies. We have > built in some logging code that grabs as much information as possible > from the users who are timed out prematurely, and every time they have > values for the CFID, CFTOKEN, and JSESSIONID cookies. > > At this point, putting anything into the URL is not an option. The > site is huge and this would require lots of changes to resolve a > problem that only a fraction of the user base is experiencing. In > addition, I believe that throwing the session info in the URL is much less secure. > We've noted this as a "worst case scenario" solution but hope to find > out a better way of fixing this problem. > > Thanks for your feedback! > > -----Original Message----- > From: Bader, Terrence C CTR MARMC, 231 > [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 05, 2007 9:02 AM > To: CF-Talk > Subject: RE: Session timeout problems > > "From what we've found, the CFID, CFTOKEN, and JSESSIONID are all > still valid cookies on the user side." - on the users having the > issue and not just local been working users? just checking > > and have you tried just putting them in the url string for all your > links. > been awhile since I had to think about that, but if im not mistaken, > that should avoid cookie problems all together. > > ~Terry > > -----Original Message----- > From: Jason Dunaway [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 05, 2007 7:41 > To: CF-Talk > Subject: Session timeout problems > > Hi all, > > I'm having trouble with sessions timing out randomly. I have 2 days > to get a fix together for this problem so any help is greatly > appreciated. > Here > are the specifics: > > The website in question is heavily based upon user information. We > designed a "user" component that is loaded in the session scope when > the user logs in. This component contains all of the user's > information as well as methods dealing with the user's information. > > In the site's main application.cfm, we are checking to verity that > "session.userdata" is defined in order to access any page. If that > variable is not defined, then we direct the user to a "session > timeout" page that requires them to log back in. Our goal is to have > the session timeout be set at 2 hours. We've made sure that, on the > coldfusion server admin end, everything is setup to 2hrs. In the > application.cfm page, we're setting the application up like this: > > <cfapplication name="test" sessionmanagement="yes" > sessiontimeout="#CreateTimeSpan(0,2,0,0)#" setclientcookies="yes"> > > OK, so in theory this should be fine. Well, not so much. Most (like > 90% or > more) of our users DO NOT have any issues. They stay logged in for > the > 2 > hours without any problems. In fact, we are unable to duplicate the > problem but have confirmed that it's happening with some users. Every > time the view a page the timer is reset and all is well. Well for > quite a few users we are seeing that their sessions are timed out > randomly, ranging from 3 minutes all the way to 117 minutes! It is > very strange. > > The site is on a cluster (2 servers), so we assumed that the "sticky" > is not working correctly. Proxy server stuff also has been > considered. We've taken all of the steps necessary to eliminate both > possibilities.....we're now running on 1 server and making sure that > no pages are cached by remote proxies. > > I've been researching how coldfusion manages sessions. We are > gathering as much data as we can when the timeout occurs. From what > we've found, the CFID, CFTOKEN, and JSESSIONID are all still valid > cookies on the user side. > For whatever reason the session scope variables are being wiped out > randomly. There has been no pattern to this, it's completely random > and the data collected is not pointing in any one direction. > > If you have any advice, please respond. I've spent a lot of time > recently trying to chase down this problem and I'm getting very > annoyed by it. I would sincerely appreciate any input. We are using > CFMX 6.1. > > Any questions about what I've posted please let me know and I'll do my > best to answer. > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 and Flex 2 Build sales & marketing dashboard RIAâs for your business. Upgrade now http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274594 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4