Hey gang,

I've got a really WEIRD thing going on... a true stumper.

Got a CF/SQL7 box. It's sitting on a client's internal LAN. Hence, their
users on their LAN (and they're nationwide - I believe users in the field
dial in and/or have dedicated lines, I'm not 100% sure - not my problem) hit
this box pretty quick when they're using the app that's running on it (it's
a computer-based training app).

The app keeps track of users via session variables - tuck the userID in a
session var, etc. No sweat.

The thing is... occasionally, when there are multiple people accessing the
training app at the same time, sessions get hijacked. To wit:

Joe is in the training app. His 'session.userid' is 123.
Mary comes along, logs in, starts using the app. Her userid is 456.
At some point, Joe's computer all of a sudden thinks its session.userid is
456 - Mary's.

Why?

On top of all this... this only happens INSIDE THEIR LAN. Those of us on the
outside (in our office, and in the office of the partner company who
develops the content for the system) have NO problems like this.

I've put in some debug display code and would have the company's
propellerheads go through the app, from within their LAN, and boom - the
output of the session.userid changes. The IP info for the client boxes is
fine - I was spitting that out with the rest of the info - and it went
unchanged.

I understand that session info is stored in the server's RAM. I'm
considering trying to swap over to a client variable-based method, and
storing that info in the database.

Thoughts?
--Scott

