First off, I find sessions locking to be the most annoying thing in the world and thus use databased client vars. If you think theres even a slight chance of moving to a clusterd environment, then this is the time to switch. It ends up with cleaner code so you might want to try it anyway. Theres not even a minimal performance gain especially when two people are looking up the same values.
Secondly, This can be a logic problem in coldfusion that might cause this so beware of that and find a way to test your code to the point where you are completely certain. (if your completely certain now, then test it again in a different fashion) Thirdly, the two clients were in the same office on your network on somewhere else behind a firewall? Firewalls sometimes mess with cookies. So, are you appending the cfid and token to each link or relying on cookies? However note that appending it to the url makes it easy for a user to switch the numbers and try and session hop. Not that opening the cookie is that hard either. I've been tinkering with tracking that info in two places (cookie and encrypted url) and comparing the values at each http request. You might want to try something like this to ensure that the tracking info cant be messed with. DRE -----Original Message----- From: Jeffry Houser [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:29 AM To: CF-Talk Subject: RE: Session Swapping" incident The obvious answer is Lock, although if it's something different I'm lost. Was the following message hit by the line monster? The original poster specified that he was locking, and based on his description he was locking properly. At 04:21 PM 01/28/2002 +0000, you wrote: >in the words of our immortal Jedi Master on another list.. > > >"Repeat after me - if I _type_ session, application, or server, I should > ______________________________________________________________________ Get Your Own Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionb FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists