RE: What conditions would cause a new jsessionid to be assigned to a user session?
Jason, Not sure if you saw my reply to the now somewhat out of control thread on CFC locking, so here it is again: I have seen a problem where a proxy cache was mixing up user's sessions so they would actually see each other's data. The actual mechanism was that the proxy would return the cookie headers (to the browser) out of proxy cache. A lot of the time, of course, the cached cookie would be referring to an expired session, so it would look like a session timeout. We developed a mechanism for comparing the cookie sent to the browser by the server with the cookie that the browser sends back - where they're different, there's been a cache mixup. We resolved this with no-cache directives. I'm presuming you've tried that, but it's suprisingly difficult, so it might be worth another look. See: http://www.bpurcell.org/blog/index.cfm?mode=entryentry=1075 http://support.microsoft.com/kb/222064 Ultimately, though, neither browsers nor proxies are obliged to honour your caching directives. Jaime Metcher -Original Message- From: Jason Dunaway [mailto:[EMAIL PROTECTED] Sent: Friday, 13 April 2007 11:33 PM To: CF-Talk Subject: What conditions would cause a new jsessionid to be assigned to a user session? I know this may be a rather rookie question, but I want as much input as possible on this so I'm asking it anyways. We're having problems with users being timed out prematurely, before the 2hr time limit our client has decided upon. Everything has been setup in CFadministrator correctly, as 95% of the users are able to stay logged in for the 2hr time frame and have no problems. With the small percentage of users that are not being able to stay logged, the timeout is random and the server assigns a NEW jsessionid to them. Of course, when this happens all of the user info that is stored in session is lost, therefore they are gracefully kicked out of the site and asked to log in again. Anyone have any input as to what can be causing this? Thanks! ~| Deploy Web Applications Quickly across the enterprise with ColdFusion MX7 Flex 2 Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275298 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: What conditions would cause a new jsessionid to be assigned to a user session?
Something monkeying with the jsession cookie, I imagine. A poorly-conceived spyware blocker, perhaps, or a poorly configured proxy server. Can you find any commonality among the users this is happening to? Browser version? Company or IP address? -Original Message- I know this may be a rather rookie question, but I want as much input as possible on this so I'm asking it anyways. We're having problems with users being timed out prematurely, before the 2hr time limit our client has decided upon. Everything has been setup in CFadministrator correctly, as 95% of the users are able to stay logged in for the 2hr time frame and have no problems. With the small percentage of users that are not being able to stay logged, the timeout is random and the server assigns a NEW jsessionid to them. Of course, when this happens all of the user info that is stored in session is lost, therefore they are gracefully kicked out of the site and asked to log in again. ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 MX7 integration create powerful cross-platform RIAs http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275134 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: What conditions would cause a new jsessionid to be assigned to a user session?
Of the 360 timeouts that have happened during the last few weeks there are 99 ip addresses. A few of them have this happen moreso than others. Browser is IE most of the time, version 6 I believe. I never thought of the spyware blocker suggestion, might be a possibility... We've discussed proxy server stuff with a few of our clients, but even making a few tweaks on their end we still have it happen. I will keep looking at the data to see what I can get from it. thanks for your input! Something monkeying with the jsession cookie, I imagine. A poorly-conceived spyware blocker, perhaps, or a poorly configured proxy server. Can you find any commonality among the users this is happening to? Browser version? Company or IP address? -Original Message- I know this may be a rather rookie question, but I want as much input as possible on this so I'm asking it anyways. We're having problems with users being timed out prematurely, before the 2hr time limit our client has decided upon. Everything has been setup in CFadministrator correctly, as 95% of the users are able to stay logged in for the 2hr time frame and have no problems. With the small percentage of users that are not being able to stay logged, the timeout is random and the server assigns a NEW jsessionid to them. Of course, when this happens all of the user info that is stored in session is lost, therefore they are gracefully kicked out of the site and asked to log in again. ~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275139 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: What conditions would cause a new jsessionid to be assigned to a user session?
still having the problem eh? You're not alone :) Here are most good topics on it: Sun Developer Network - Tomcat workarounds to holding IE sessions:: http://forum.java.sun.com/thread.jspa?threadID=702395messageID=4073475 post on using apache as proxy vs using Tomcat directly and session dropping results: http://mail-archives.apache.org/mod_mbox/httpd-users/200310.mbox/[EMAIL PROTECTED] While not CF specific they relate more to jsessionid in general :) MS KB - IE 5.5+ losing session bug with new window (I'll save the suspense - its because the users home page was set to a local root file not a web page :o ) http://support.microsoft.com/kb/300895 MSDN Forums - Internet Explorer Web Development (search in here for session and be overwhelmed =\ ) http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=923SiteID=1 ~| Create Web Applications With ColdFusion MX7 Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275142 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: What conditions would cause a new jsessionid to be assigned to a user session?
Thanks again for the help Dana! still having the problem eh? You're not alone :) Here are most good topics on it: Sun Developer Network - Tomcat workarounds to holding IE sessions:: http://forum.java.sun.com/thread. jspa?threadID=702395messageID=4073475 post on using apache as proxy vs using Tomcat directly and session dropping results: http://mail-archives.apache.org/mod_mbox/httpd-users/200310. mbox/[EMAIL PROTECTED] While not CF specific they relate more to jsessionid in general :) MS KB - IE 5.5+ losing session bug with new window (I'll save the suspense - its because the users home page was set to a local root file not a web page :o ) http://support.microsoft.com/kb/300895 MSDN Forums - Internet Explorer Web Development (search in here for session and be overwhelmed =\ ) http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=923SiteID=1 ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 MX7 integration create powerful cross-platform RIAs http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275144 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: What conditions would cause a new jsessionid to be assigned to a user session?
I've never seen this, so this is just a random idea: Do you have access to the web server log files (and do you log cookies)? If so, can you verify that the client browser was sending in the same cookie value to the server at the point where they got redirected to the login? If the client didn't send the same cookie values then the server would have no choice but to assign a new value. If you can verify that the client was doing the right thing then I imagine that helps to isolate the problem to the server. Just an idea... Mark -Original Message- From: Jason Dunaway [mailto:[EMAIL PROTECTED] Sent: Friday, April 13, 2007 9:33 AM To: CF-Talk Subject: What conditions would cause a new jsessionid to be assigned to a user session? I know this may be a rather rookie question, but I want as much input as possible on this so I'm asking it anyways. We're having problems with users being timed out prematurely, before the 2hr time limit our client has decided upon. Everything has been setup in CFadministrator correctly, as 95% of the users are able to stay logged in for the 2hr time frame and have no problems. With the small percentage of users that are not being able to stay logged, the timeout is random and the server assigns a NEW jsessionid to them. Of course, when this happens all of the user info that is stored in session is lost, therefore they are gracefully kicked out of the site and asked to log in again. Anyone have any input as to what can be causing this? Thanks! ~| Create Web Applications With ColdFusion MX7 Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275152 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: What conditions would cause a new jsessionid to be assigned to a user session?
If the client didn't send the same cookie values then the server would have no choice but to assign a new value. If you can verify that the client was doing the right thing then I imagine that helps to isolate the problem to the server. Along these lines, make sure that all the requests are either www.mysite.com or mysite.com If a session is set with www.mysite.com but then somebody sends a request to mysite.com, it will cause the behavior you're seeing. The attribute setdomaincookies of the cfapplication tag addresses this issue. -- Josh ~| Macromedia ColdFusion MX7 Upgrade to MX7 experience time-saving features, more productivity. http://www.adobe.com/products/coldfusion?sdid=RVJW Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275165 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: What conditions would cause a new jsessionid to be assigned to a user session?
while there are a lot of things you can do there is a reality than Internet Explorer 5.5 through version 7 has some bugs and features that hamper pure session functionality without the use of cookies unfortunately. ~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275175 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: What conditions would cause a new jsessionid to be assigned to a user session?
Encourage your affected users to download Firefox and see if that rectifies the problem. Andrew. ~| Upgrade to Adobe ColdFusion MX7 The most significant release in over 10 years. Upgrade see new features. http://www.adobe.com/products/coldfusion?sdid=RVJR Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275178 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
