Thannks Pete, Same domain....yes.....but you speak of a recent hotfix....well this is CF 8 ;-)
Thankfully I have been told to shelve this issue for other major priorities, but thanks for the tips...I may need to come back to this at some point. Cheers On Thu, 2011-12-15 at 14:52 -0500, Pete Freitag wrote: > Bryan, > > Are these apps running on the same domain or different domains, if > they are on the same domain then you will need to specify the path in > your session cookies so they don't invalidate each other (this > relatively new behavior due to the session fixation security hotfix > APSB11-04 released in Feb). > > Also if you are experiencing a cookie problem on one browser but not > another make sure you have cleared cookies first. > > -- > Pete Freitag - Adobe Community Professional > http://foundeo.com/ - ColdFusion Consulting & Products > http://petefreitag.com/ - My Blog > http://hackmycf.com - Is your ColdFusion Server Secure? > > > > > On Thu, Dec 15, 2011 at 12:22 PM, Bryan Stevenson > <br...@electricedgesystems.com> wrote: > > > > Hey All, > > > > Can't say that I've bumped into this before..... > > > > 1) 2 apps are involved and both use SESSION vars to store user details > > once they login. > > > > 2) Both apps are set to setClientCookies in CFAPPLICATION > > > > 3) App 1 uses a standard login form where credentials are verified and > > the SESSION vars are set if successful > > > > 4) App 2 uses Windows Integrated Authentication to grab the user's ID > > off the network and use that as part of the authentication process - > > when successful...SESSION vars are set as in app 1 > > > > 5) Both apps have a different name in CFAPPLICATION ;-) > > > > 6) both apps reside on the same server running CF 8 against Oracle 10G > > > > Here's what happens on WinXP Pre SP 3 with IE 7: > > ---------------------------------------------------------------------------------------------------- > > 1) Open new IE7 window and log in to app1 > > > > 2) Open new IE7 window and log in to app 2 > > > > 3) Go back to the browser with app 1 and try to navigate through app - > > get kicked to session expired screen > > ---------------------------------------------------------------------------------------------------- > > > > This was tested by another user on XP with IE8 and the issue did not > > occur. > > > > So I'm pretty sure this is an IE7 issue, but I'm a tad lean on things to > > check....any ideas? > > > > TIA > > > > Cheers > > -- > > > > > > Bryan Stevenson B.Comm. > > VP & Director of E-Commerce Development > > Electric Edge Systems Group Inc. > > phone: 250.480.0642 > > fax: 250.480.1264 > > cell: 250.920.8830 > > e-mail: br...@electricedgesystems.com > > web: www.electricedgesystems.com > > > > Notice: > > This message, including any attachments, is confidential and may contain > > information that is privileged or exempt from disclosure. It is intended > > only for the person to whom it is addressed unless expressly authorized > > otherwise by the sender. If you are not an authorized recipient, please > > notify the sender immediately and permanently destroy all copies of this > > message and attachments. > > Please consider the environment before printing this e-mail > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349174 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
