This is a pretty old post but given its importance as related to client
variables I want to revist this.
I have a system setup where two cf machines are tied together via dns
round-robin and share the same database for client storage. As the number of
simultaneous users increasesd, the number of users overstepping/intruding
into other's client memory space have increased to such as a point that I
had to store the IP of the client user as part of the client init and verify
the user ip with the client var each time as not to assume the cfid/cftoken
on the client browser do actually belong to them. I have not personally
reproduced on my machines but given the hundreds of reports this is not a
coincidence. Other than the round-robin setup there are nothing special
about the way the client vars are stored in the database.
Although this problem has been seen more from IE 5 users, it is not
exclusively IE. Netscape and IE 5.5 users have also reported this problem.
Not sure if SP2 has addressed this problem but I hope somebody here has clue
as why this is so. Again, this only surfaces as traffic increases.
I have asked users to manually remove all their cookies stored on their
browser to make sure it's not the browser's fault. It didn't work. I thought
mabye the cfapplication setdomain option was at fault but none of the
combinations resolved the issues. The weird thing is that once you overstep
into another person's memory space, you will ALWAYS overstep into that
particular person's client vars in the future. This is not a you assume a
random person's identity every time. CF's client management system somehow
remembers you AND someone that you shouldn't be associated with. I have no
clue why this is so.
In fact, this problem is a bit related to an thread way back when where
someone had a perculiar SQL error with CF trying to create duplicate CDATA
entries. Forgot who was the original poster but that person had trouble with
client states with IE 5 browsers. At first I really didn't believe it could
happen to me, will...it has and I'm clueless. The only solution I have, thus
far, is to manually verify an additional bit of information (IP adderss) for
each client accessed page.
Xing
p.s. Maybe CF 5 should let us modify the client
creation/deletion/verification SQL scripts? It's no secret the generic
statements they use and I don't see a reason why they shouldn't make them
customizable.
----- Original Message -----
From: "paul smith" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 19, 2000 12:07 PM
Subject: Re: clientVar storage/multiple CFAS/single storage db
> The problem (if there is one) is that the next (or last, I don't know
> which) value of CFID is kept in the Registry. Two machines that don't
talk
> to one another means both machines *could* come up with the same
> CFID. Even if possible, it must be very unlikely (ordinarily).
>
> OTOH, if you start out with 2 machines, each with a new install of CF,
they
> BOTH start out with CFID=1 at the same time ;-)
>
> In addition, in one cookie-less app I've developed, I see that CFAS
> increments the Register-based current value of CFID with each page
> request. So while my app might have CFID=56321 with each page request in
> one instance of the app, if I start another instance of the app it might
> have CFID=56402 (with the app not accessed by anyone in the interim).
>
> best, paul
>
> At 11:59 AM 11/19/00 -0500, you wrote:
> >I presume if it's in the registry or a database, it's not going to assign
> >a pair to anyone that is already existing. Therefore, I don't see how two
> >people could end up with the same pair.
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
