Are all your sites running under CF or do you have another Java-based app server, like Tomcat/JBoss, running portions of your site as well? That happened to me. Someone turned on sessions for a Tomcat app that didn't need it and users would drop sessions as they moved around the site from the CF side to the Tomcat side,
Phil On Tue, Mar 6, 2012 at 10:33 AM, Robert Rhodes <rrhode...@gmail.com> wrote: > > For both Phillip and Donnie -- I just set the site up for database storage > for the client session in the cf admin (server settings -> client > variables), and I see data going in those two tables, but I am still losing > the session state when moving from https to http. I have this set in my > application.cfm: > > clientmanagement="Yes" > sessionmanagement="Yes" > setclientcookies="No" > clientstorage="MyDSN" > > What am I doing wrong? > > I did remove the change I made to jrun to force session cookies to be set > securely, but I doubt that matters now, because set client cookies is set > to no. > > I am running cf 9.01 standard. > > -RR > > On Tue, Mar 6, 2012 at 9:24 AM, Donnie Bachan (Gmail) < > donnie.bac...@gmail.com> wrote: > > > > > Robert, > > > > This is odd that you are losing the session, are you using CF in > > multiserver mode or standalone? The article you referenced was for CF8, > > however, we're currently running CF9 Ent in multiserver mode and we've > not > > had this issue crop up. We are however using a DB with client cookies for > > managing state across CF instances. > > > > Best Regards, > > Donnie Bachan > > "Nitendo Vinces - By Striving You Shall Conquer" > > ====================================================================== > > The information transmitted is intended only for the person or entity to > > which it is addressed and may contain confidential and/or privileged > > material. Any review, retransmission, dissemination or other use of, or > > taking of any action in reliance upon, this information by persons or > > entities other than the intended recipient is prohibited. If you received > > this in error, please contact the sender and delete the material from any > > computer. > > > > > > On Tue, Mar 6, 2012 at 2:17 PM, Che Vilnonis <ch...@asitv.com> wrote: > > > > > > > > Robert, a product like Fuseguard from Pete Freitag or a Web Application > > > Firewall (or a plugin type of "filter" to your existing firewall) may > > help. > > > I'm currently going through a similar process and thought these options > > > might help. > > > > > > Ché > > > > > > -----Original Message----- > > > From: Robert Rhodes [mailto:rrhode...@gmail.com] > > > Sent: Tuesday, March 06, 2012 9:08 AM > > > To: cf-talk > > > Subject: Re: Failed PCI Compliance test on CF9.01 > > > > > > > > > Justin, thanks for the reply, and I get your point, but I can't break > out > > > the registration process into a standalone site quickly. There must > be a > > > fairly quick solution to this problem. Surely, I can't be the first to > > > deal > > > with this. > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350266 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
