Paul, make sure you have 20 minutes for both the default and maximum settings. I had the default set at 20, but the maximum was set at 60 minutes and there ended up being 2 applications that used that maximum setting, or at least were above the default.
Phil On Fri, Apr 17, 2009 at 10:56 AM, Paul Vernon < paul.ver...@web-architect.co.uk> wrote: > > > First, why it happens. When using J2EE sessions, the session is > > handled by the J2EE server (JRun in your case). JRun has an internal > > setting for the duration of sessions; that's controlled in the XML > > file. Now, CF also has its own timeouts, which control how long to > > keep using the same JRun session; if CF's session timeout is longer > > than JRun's, CF is looking for a dead JRun session and you get the > > invalid session error. Make sure the MAXIMUM CF session timeout > > setting is less than the JRun setting. > > This is what I don't understand... I have the CF Admin settings set to 20 > mins for the session life. The JSEE sessions were set at 30 mins and I saw > lots of errors. I've now increased the time to 35 minutes and although the > errors are reduced in number, they still happen... > > As you have stated the issue, the errors should not have happened in the > first place with our setup and increasing the J2EE session timeout by a > further 5 minutes seems like an odd way to reduce the errors we've seen > but, > nevertheless, that is what it has done. > > I'm thinking this may be a timing issue on multi-CPU deployments. I > remember > back in the day looking at task manager stats where the System Idle time > would read close to 48 hours when the server was re-booted 24 hours > previously because the clock was accounting for the idle time on both > processors... I wonder if the JRun session timeout process is looking at a > ticker in the system that is effectively halving/quartering etc. the > entered > value in relation to the number of processors in the system and causing > these timing anomalies? The idea (in my mind at least) has merit. > > > Second, the JSESSION cookie is the only one used for J2EE sessions. > > The CFID and CFTOKEN cookies are used for client variables; you can > > prevent them from being set for new users with the setClientCookies > > setting in your application tag/cfc (set it to false). > > That sorts out that bit. Thanks! > > Paul > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321742 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4