> OK, so is this a WAR installation that you just dropped onto Tomcat? Just > want to be totally sure I'm using the same setup.
Yes, exactly. > I'll set up a test just to see if I experience the same thing and if so > we'll hand it off to Alan and Andy for verification and a fix if necessary. I don't know exactly how this works "under the hood", but it sounds almost like a seperate process which every X minutes take care of cleaning the timed-out sessions. And a missing check if a session is used again to see if it hasn't already timed out. > Appreciate the thorough information--we'll get to the bottom of it! Well, I remembered a very good presentation from Ben Nadel on the "power" of just Application.cfc. Also I remembered several cases with big problems around sessions/cookies (only recently, with the session fixation "fix" in CF9.0.1 hotfix2) and that is why I was playing around with this. Which leaves the "client variables". Personally I like to use them because I don't like the session-to-server binding in a load-balanced environment. So if apps need to scale, I prefer to make them sessionless. I understand the limitations of client variables over sessions (only basic structures), but the session-in-database aspect I like. But please tell me your opinion why to avoid using clients and how do we solve that on load-balanced environments? What also comes out of this "testing" is that I now understand the setclientcookies better. If I am not mistaken, I could disable sessions and clients and still have <cfset this.setclientcookies = "Yes"> ... assign unique CFID&CFTOKEN cookies for visitors. Maybe build alternative client management with that? Thanks again for looking into this. Ivo -- online documentation: http://openbd.org/manual/ google+ hints/tips: https://plus.google.com/115990347459711259462 http://groups.google.com/group/openbd?hl=en Join us @ http://www.OpenCFsummit.org/ Dallas, Feb 2012
