First, why it happens. When using J2EE sessions, the session is handled by the J2EE server (JRun in your case). JRun has an internal setting for the duration of sessions; that's controlled in the XML file. Now, CF also has its own timeouts, which control how long to keep using the same JRun session; if CF's session timeout is longer than JRun's, CF is looking for a dead JRun session and you get the invalid session error. Make sure the MAXIMUM CF session timeout setting is less than the JRun setting.
Second, the JSESSION cookie is the only one used for J2EE sessions. The CFID and CFTOKEN cookies are used for client variables; you can prevent them from being set for new users with the setClientCookies setting in your application tag/cfc (set it to false). mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/4/17 Paul Vernon <paul.ver...@web-architect.co.uk>: > > Can someone explain why the "Session is invalid null" occurs? > > We have a site on a dedicated server running CF 8 (8,0,1,195765) Standard > edition. It gets around 11,000 users a day and for the most part is issue > free. > > I've searched HoF etc., I've read the tech notes and I've subsequently > altered the session-timeout value in the web.xml config file so the timeout > is larger than the session timeout in the CF admin settings. Altering the > session-timeout value has *definitely reduced* this error occurring but it > hasn't fixed the problem and my gut instinct is that by altering the > session-timeout value I'm just hiding the problem rather than dealing with it. > > Prior to altering the value, the error was happening around 60 or 70 times a > day, altering the value has reduced this error to a couple of times a day. I > suspect increasing the session-timeout value to an even larger number will > eradicate the problem but because I dont understand the mechanics of why > it's happening in the first place, this solution just doesn't feel right. > > Also, J2EE sessions are enabled and I see the jsessionid in the headers of > requests but I still see CFID and CFTOKEN values too. I may have got this > wrong but I thought that the jsessionid negated the need for CFID and CFTOKEN? > > Any explanations as to exactly how the session cookies work and why the > session null error happens in the first place are gratefully received ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321738 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4