Re: CF session management suddenly not sticking ...

[Money Pit]

I recently found the reason we were seeing two sets of cfid and cftoken
cookies.  We had code similar to this running:








Should be a familiar bit of code to everyone - it converts the browser
cookies to session cookies so closing the browser kills the session.  Once
I flipped the setting to shut this off I stopped seeing the second set of
cfid/cftokens (If I had named the domain in the cfcookie statement this may
also have served the same purpose).  However, overall the 'rotating'
sessions no longer seem to be occurring based on user reports etc. so this
was causing no problems currently, and it certainly never caused problems
for many years before the rollover described earlier in this thread.



On Wed, Mar 19, 2014 at 1:58 PM, Nick Gleason wrote:

>
> We finally resolved this issue.
> First, a big thanks as always to everyone who commented and helped us along
> on this thread.
> Second, here is the resolution.  In our case, the problem was some enhanced
> security filters that we put place recently.  One of the scopes being
> scanned was the cookie scope.  This was working for the most part but would
> result in these sporadic failures which were hard to pinpoint.  The key
> clue was that we realized that the cookie.jsessionid was remaining
> persistent but the session.sessionid variable was not "sticking" - those
> two should be the same.  Once we started focusing more on the cookies, we
> eventually realized what the problem was.
> This issue may not be applicable to others, but if your sessions are
> resetting with every request, you may want to take a closer look at your
> cookies and how they are tied to your sessionid.
> I still don't truly understand how a sessionid could change without a
> change to the underlying cookie, but that appears to be what happened.
> Nick
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358136
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Nick Gleason]

We finally resolved this issue.
First, a big thanks as always to everyone who commented and helped us along 
on this thread.
Second, here is the resolution.  In our case, the problem was some enhanced 
security filters that we put place recently.  One of the scopes being 
scanned was the cookie scope.  This was working for the most part but would 
result in these sporadic failures which were hard to pinpoint.  The key 
clue was that we realized that the cookie.jsessionid was remaining 
persistent but the session.sessionid variable was not "sticking" - those 
two should be the same.  Once we started focusing more on the cookies, we 
eventually realized what the problem was.
This issue may not be applicable to others, but if your sessions are 
resetting with every request, you may want to take a closer look at your 
cookies and how they are tied to your sessionid.
I still don't truly understand how a sessionid could change without a 
change to the underlying cookie, but that appears to be what happened.
Nick 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358053
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Nick Gleason]

Hi there,
Thanks for your follow up post.  It definitely seems that we have something 
similar going on.  We have switched some features to be less dependent on 
sessions and more on other scopes.  That has worked ok but longer term we 
want sessions to work consistently.
It's been very difficult because it happens very sporadically.
I did see a post on an adobe forum about a similar sounding issue (jsession 
sessionid restarting on each request) that suggested that IIS might be 
doing a per request re-direct of some kind.  If I am recalling this 
correctly, the thread suggested clearing out old IIS ColdFusion Connectors 
as a solution.
That was a pretty sparse description, so I can't say what the next step 
would be.  If you, or anyone on this thread, can suggest how best to find 
an identify the IIS connectors, that would be great.  We are using IIS 
7.5.
Rolling back the session fixation fix did not make a difference for us.  
That makes sense in that this fix has been out for a year or so and these 
problems just started a few weeks ago.
We have been updating our security filters for XSS and other attacks and I 
am wondering if this could interfere with browser sessions in some way.  
But, that's a wild guess at this point until we do some more testing.
Nick

 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357981
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

On Tue, Mar 11, 2014 at 11:52 AM, Dave Watts wrote:

> No, I think you should only have the one cookie for jsessionid. I'm
> not sure why you have the other two.
>

As you can imagine I did some reading on jsession vars after I opened up
this thread.  Look at the comparison table here:

http://goo.gl/Hsxvaa
also referenced in the table here
http://goo.gl/GFJfx3

If you use one of the urltokens you are going to still see CFID and CFToken.

Sounds like Nick is describing my exact problem, inconsistencies and all.

I frankly wound up throwing everything against the wall I could think of.
Rolling the site back was not an option given SEO issues that had already
gone into motion.  I'm about to call the site functional based on a few
days of solidity, at which point I'll begin removing a piece at a time to
try and see when the behavior reverts again (which is maddeningly difficult
given the inconsistent client behavior).  Steps taken:

- Adjusted the JVM to remove session fixation protection
- Switched on J2EE sessions
- For the area where session must be maintained, client.urltoken passed via
the url (!)
- setdomaincookies=yes in cfapplication statement
- cookies wiped per code similar to the 3rd post in this thread, in
OnRequestEnd.cfm.  I'm going after (expires=now) domain cookies expressly
in that code.

I am naturally not happy with the use of client.urltoken in the url but
those pages are behind a form post.

-- 
--m@Robertson--
Janitor, The Robertson Team
mysecretbase.com


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357971
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Russ Michaels]

check that you do not have any cflocation tags which are using
addtoken="yes" (the default), this seems to be a fairly common cause of
superfluous cfid and cftokens cookies being created

as as per other thread, try completely removing the cookies or use
incognito mode to see if it persists, and try explicitly setting a domain
cookie.



On Tue, Mar 11, 2014 at 8:47 PM, Nick Gleason wrote:

>
> One really interesting behavior here, which may point us in the direction
> of a better solution, is that when this problem with session.jsessionid
> happens (it resets ever page request), cookie.jsessionid remains
> persistent.
> I don't know enough about the linkage there to know if that is expected
> behavior in any scenario.
> I'll be researching this detail but if anyone else has expertise on the
> linkage between session.jsessionid and cookie.jsessionid, we're definitely
> interested.
> Thanks for this very helpful thread.
> Nick
>
>
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357923
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Nick Gleason]

One really interesting behavior here, which may point us in the direction 
of a better solution, is that when this problem with session.jsessionid 
happens (it resets ever page request), cookie.jsessionid remains 
persistent.
I don't know enough about the linkage there to know if that is expected 
behavior in any scenario. 
I'll be researching this detail but if anyone else has expertise on the 
linkage between session.jsessionid and cookie.jsessionid, we're definitely 
interested.
Thanks for this very helpful thread.
Nick

 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357922
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Nick Gleason]

Thanks Russ,
With client variables (we're phasing them out) in place as well as the more 
secure j2ee session variables, we seem to have all in use at the moment.  
But, I think that has been a pretty stable configuration for us for some 
time.

Nick 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357921
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Dave Watts]

> I'm not really the developer here but I think that we may have client
> variables enabled and my recollection was that client variables may require
> cfid and cftoken.
> It's been running pretty smoothly for a while until this very recent
> issue.

Yes, client variables do require CFID and CFTOKEN.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357920
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Nick Gleason]

Thanks Dave,
I'm not really the developer here but I think that we may have client 
variables enabled and my recollection was that client variables may require 
cfid and cftoken.
It's been running pretty smoothly for a while until this very recent 
issue.
Nick

 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357918
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Russ Michaels]

I recently tried switching to j2ee sessions and noticed the same thing,
that cfid and cftoken were still being created as well. So it isn't a
unique case.


On Tue, Mar 11, 2014 at 6:52 PM, Dave Watts  wrote:

>
> > I may be getting a bit over my head here, but here is an example of what
> > our session dump looks like:sessionid:
> 84303380daf164aedda3456e2d1856513d2e
> >
> > urltoken:
> >
> CFID=83197727&CFTOKEN=9af68af80f73df3-F872B04C-CA42-C7AB-D8FB410E558AEEE5&js
> > essionid=84303380daf164aedda3456e2d1856513d2e
> > Then, in cookies, we have separate values for, cfid, cftoken, and
> > jsessionid.
> > Does that make sense?
>
> No, I think you should only have the one cookie for jsessionid. I'm
> not sure why you have the other two. Either way, your server should
> only be using one or the other, but if you have multiple CF servers in
> the same domain, it's possible that one is using J2EE sessions while
> the other isn't.
>
> Dave Watts, CTO, Fig Leaf Software
> 1-202-527-9569
> http://www.figleaf.com/
> http://training.figleaf.com/
>
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357919
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Dave Watts]

> I may be getting a bit over my head here, but here is an example of what
> our session dump looks like:sessionid: 84303380daf164aedda3456e2d1856513d2e
>
> urltoken:
> CFID=83197727&CFTOKEN=9af68af80f73df3-F872B04C-CA42-C7AB-D8FB410E558AEEE5&js
> essionid=84303380daf164aedda3456e2d1856513d2e
> Then, in cookies, we have separate values for, cfid, cftoken, and
> jsessionid.
> Does that make sense?

No, I think you should only have the one cookie for jsessionid. I'm
not sure why you have the other two. Either way, your server should
only be using one or the other, but if you have multiple CF servers in
the same domain, it's possible that one is using J2EE sessions while
the other isn't.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357917
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Nick Gleason]

Hi Dave,
I may be getting a bit over my head here, but here is an example of what 
our session dump looks like:sessionid: 84303380daf164aedda3456e2d1856513d2e 

urltoken: 
CFID=83197727&CFTOKEN=9af68af80f73df3-F872B04C-CA42-C7AB-D8FB410E558AEEE5&js
essionid=84303380daf164aedda3456e2d1856513d2e
Then, in cookies, we have separate values for, cfid, cftoken, and 
jsessionid.
Does that make sense?
Nick 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357916
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Dave Watts]

> I was just about to post on a very similar problem when I saw this thread.
> We've just had this come up in the last couple of weeks and it happens
> sporadically.  A few quick points:- the problem is that sessions restart
> with each request- the problem happens sporadically- the problem is solved
> temporarily by clearing browser cache - but it seems to come back- we use
> j2ee sessions / jsessionid- when it's happening, the jsessionid changes
> with every request (causing the sessionid to change)- the cfid and cftoken
> have been persistent - the problem seems to be with the jsessionid
> changing- we also dumped cookies and - here is the weird part - jsessionid
> in cookies persists.  it does not change per request the way that it does.
> we use 9.0.1 and it is fully patched.  We also use IIS 7.5.
> The biggest incongruity is that when the problem is happening, the
> jsessionid persists in cookies (and cookie scope) but not in the session
> scope.  We thought that there was a tighter connection.
> We have not tried to adjust the session fixation settings.  That may be our
> next move.

I'm confused. If you're using J2EE sessions, you shouldn't have
cookies for CFID and CFTOKEN.

> We have also started to use trusted cache more extensively recently, but my
> sense is that is not involved here.

Your sense is correct - all this does is prevent CF from checking to
see if files need to be recompiled.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357915
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Nick Gleason]

Hi All,
I was just about to post on a very similar problem when I saw this thread.  
We've just had this come up in the last couple of weeks and it happens 
sporadically.  A few quick points:- the problem is that sessions restart 
with each request- the problem happens sporadically- the problem is solved 
temporarily by clearing browser cache - but it seems to come back- we use 
j2ee sessions / jsessionid- when it's happening, the jsessionid changes 
with every request (causing the sessionid to change)- the cfid and cftoken 
have been persistent - the problem seems to be with the jsessionid 
changing- we also dumped cookies and - here is the weird part - jsessionid 
in cookies persists.  it does not change per request the way that it does.
we use 9.0.1 and it is fully patched.  We also use IIS 7.5.
The biggest incongruity is that when the problem is happening, the 
jsessionid persists in cookies (and cookie scope) but not in the session 
scope.  We thought that there was a tighter connection.
We have not tried to adjust the session fixation settings.  That may be our 
next move.
We have also started to use trusted cache more extensively recently, but my 
sense is that is not involved here.
Nick
 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357914
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

Speaking of that linked article, I disabled the session fixation patch via
Pete's instructions (-Dcoldfusion.session.protectfixation=false in the JVM)
and so far I've got proper functionality.  I've had inconsistent results
before this so I'm not declaring temporary victory just yet but this is
promising.  Even if this is the solution I need to move to J2EE sessions
methinks.

--M@--


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357893
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

> Are you sure no cfpatches have been installed, specifically the one in the
> link I sent earlier.

Well earlier I said

"...it is CF9 with all patches."

But I should have said "it is *9.01* with all patches".  So yes APSB11-04
was definitely one of them.  I subscribe to Foundeo's monthly (?) security
probe and double checked.

--M@--


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357892
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Russ Michaels]

Are you sure no cfpatches have been installed, specifically the one in the
link I sent earlier.
Often people are adamant when they say no only to find someone else did it.

Russ Michaels
www.michaels.me.uk
cfmldeveloper.com
cflive.net
cfsearch.com
On 7 Mar 2014 21:03, "Money Pit"  wrote:

>
> I was thinking html code but yes thats a possibility as well.  However a)
> my test units are plain vanilla XP/IE8 wkstns and b) the CF code in
> question has been running fine for years on these same desktops.  We use
> the web site in-house on a daily basis.
>
> Worth noting:  The demo code you were seeing was on a 'new.' subdomain.
> But the problem evidenced itself on the 'www.'... We just moved it offline
> to the 'new.' subdomain when the problem and its severity was identified.
>
>
> On Fri, Mar 7, 2014 at 12:43 PM, Carl Von Stetten
> wrote:
>
> >
> > I think by "add on" he might have been referring to a browser add-on or
> > plugin that the users have installed into Internet Explorer.
> > -Carl V.
> >
> > >> Or maybe you have an add on that is killing cookies.
> > > That was my very first thought and I went straight to the design team
> who
> > > swore that we weren't doing anything genuinely different.  Nonetheless
> we
> > > pulled a bunch of stuff out with no success.  To finally clear that I
> > wrote
> > > up the bare bones page (previous post) and it too is evidencing the
> > > problem.  I'm in full control of the server and there's nothing
> > server-side
> > > changed at the server level.  BTW it is CF9 with all patches.
> > >
> >
> >
> >
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357891
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

I was thinking html code but yes thats a possibility as well.  However a)
my test units are plain vanilla XP/IE8 wkstns and b) the CF code in
question has been running fine for years on these same desktops.  We use
the web site in-house on a daily basis.

Worth noting:  The demo code you were seeing was on a 'new.' subdomain.
But the problem evidenced itself on the 'www.'... We just moved it offline
to the 'new.' subdomain when the problem and its severity was identified.


On Fri, Mar 7, 2014 at 12:43 PM, Carl Von Stetten
wrote:

>
> I think by "add on" he might have been referring to a browser add-on or
> plugin that the users have installed into Internet Explorer.
> -Carl V.
>
> >> Or maybe you have an add on that is killing cookies.
> > That was my very first thought and I went straight to the design team who
> > swore that we weren't doing anything genuinely different.  Nonetheless we
> > pulled a bunch of stuff out with no success.  To finally clear that I
> wrote
> > up the bare bones page (previous post) and it too is evidencing the
> > problem.  I'm in full control of the server and there's nothing
> server-side
> > changed at the server level.  BTW it is CF9 with all patches.
> >
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357890
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Carl Von Stetten]

I think by "add on" he might have been referring to a browser add-on or 
plugin that the users have installed into Internet Explorer.
-Carl V.

>> Or maybe you have an add on that is killing cookies.
> That was my very first thought and I went straight to the design team who
> swore that we weren't doing anything genuinely different.  Nonetheless we
> pulled a bunch of stuff out with no success.  To finally clear that I wrote
> up the bare bones page (previous post) and it too is evidencing the
> problem.  I'm in full control of the server and there's nothing server-side
> changed at the server level.  BTW it is CF9 with all patches.
>


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357888
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

> I think it was pretty clear that code he listed was being used solely to
> diagnose a problem

Precisely.  Its the production environment but not the production site.
I'm testing with some old in-office desktops that mimic the problem
reported to us by users when this site was live for roughly 24 hrs before I
pulled it.

> The best solution, in my opinion, is to switch to J2EE sessions,
> assuming you can invest the time and effort to do that.

Seeing as my efforts on this seem to be going nowhere (old browsers will
occasionally start working but always revert after a TBD period of
inactivity) that sounds like good advice.  Working on that now.

And its all happening on a CF-based site that has been humming along in its
present form since 2006... all we did was make it prettier... re-skinned it
with a different front end.  And it still works fine for the majority of
visitors.

> Any chance you are using Chrome in Incognito mode?
Nope.  The only place I can replicate the issue is on IE8 running on XP.

>Or maybe you have an add on that is killing cookies.
That was my very first thought and I went straight to the design team who
swore that we weren't doing anything genuinely different.  Nonetheless we
pulled a bunch of stuff out with no success.  To finally clear that I wrote
up the bare bones page (previous post) and it too is evidencing the
problem.  I'm in full control of the server and there's nothing server-side
changed at the server level.  BTW it is CF9 with all patches.




On Fri, Mar 7, 2014 at 11:44 AM, Carl Von Stetten
wrote:

>
> I forgot about the persistence issue.  Personally, I consider the lack
> of session persistence to be a security benefit.  But not everyone will
> agree.
> -Carl V.
>
> On 3/7/2014 11:17 AM, Dave Watts wrote:
> > If you're not directly referencing CFID and CFTOKEN in your code, and
> > you're not relying on the default persistence of CF session cookies,
> > you should be able to just enable that option.
> >
> > By "the default persistence of CF session cookies", I mean that CF's
> > session cookies by default don't get deleted when the browser is
> > closed. J2EE session cookies do. So, if a user logs into your app,
> > closes the browser, then opens it back up, the user will have to log
> > in again if you're using J2EE sessions even if the session would not
> > have expired otherwise.
> >
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357887
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Carl Von Stetten]

I forgot about the persistence issue.  Personally, I consider the lack 
of session persistence to be a security benefit.  But not everyone will 
agree.
-Carl V.

On 3/7/2014 11:17 AM, Dave Watts wrote:
> If you're not directly referencing CFID and CFTOKEN in your code, and
> you're not relying on the default persistence of CF session cookies,
> you should be able to just enable that option.
>
> By "the default persistence of CF session cookies", I mean that CF's
> session cookies by default don't get deleted when the browser is
> closed. J2EE session cookies do. So, if a user logs into your app,
> closes the browser, then opens it back up, the user will have to log
> in again if you're using J2EE sessions even if the session would not
> have expired otherwise.
>

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357886
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Dave Watts]

> So considering the above - what, in theory, would be the exact
> consequences in switching to J2EE sessions? I don't this there would be
> that much code that would need to be changed. I'm simply checking that
> session.isADMIN is true in my application file.  I admittedly don't have
> a super-technical understanding of exactly how things have changed
> between CF8 and CF10.

If you're not directly referencing CFID and CFTOKEN in your code, and
you're not relying on the default persistence of CF session cookies,
you should be able to just enable that option.

By "the default persistence of CF session cookies", I mean that CF's
session cookies by default don't get deleted when the browser is
closed. J2EE session cookies do. So, if a user logs into your app,
closes the browser, then opens it back up, the user will have to log
in again if you're using J2EE sessions even if the session would not
have expired otherwise.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357885
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Carl Von Stetten]

IIRC, unless you explicitly access CFID/CFTOKEN in your code, there 
shouldn't be any issues.
-Carl V.

On 3/7/2014 10:45 AM, Les Mizzell wrote:
> So considering the above - what, in theory, would be the exact
> consequences in switching to J2EE sessions? I don't this there would be
> that much code that would need to be changed. I'm simply checking that
> session.isADMIN is true in my application file.  I admittedly don't have
> a super-technical understanding of exactly how things have changed
> between CF8 and CF10.
>

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357884
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: CF session management suddenly not sticking ...

[DURETTE, STEVEN J]

Any chance you are using Chrome in Incognito mode? Maybe it's just dropping the 
cookies as fast as you assign them. Or maybe you have an add on that is killing 
cookies.

Steve

-Original Message-
From: Les Mizzell [mailto:lesm...@bellsouth.net] 
Sent: Friday, March 07, 2014 1:46 PM
To: cf-talk
Subject: Re: CF session management suddenly not sticking ...


 > The best solution, in my opinion, is to switch to J2EE sessions,
 > assuming you can invest the time and effort to do that.

I'm having almost the exact same problem. My login system, had been 
working perfectly (CF8) until we moved everything to a new server with 
CF10 on it.

Now, Chrome will log you out as fast as you can log in.
The only exception is if I set - addtoken="yes" to the URLs. The second 
it hits a URL without the token, you're out. Not good.











So considering the above - what, in theory, would be the exact 
consequences in switching to J2EE sessions? I don't this there would be 
that much code that would need to be changed. I'm simply checking that 
session.isADMIN is true in my application file.  I admittedly don't have 
a super-technical understanding of exactly how things have changed 
between CF8 and CF10.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357883
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Russ Michaels]

try this
http://www.petefreitag.com/item/815.cfm



On Fri, Mar 7, 2014 at 6:34 PM, Gerald Guido  wrote:

>
> On Thu, Mar 6, 2014 at 5:22 PM, Russ Michaels  wrote:
>
> > see if there are multiple cfid/cftoken cookies set.
> > if so, that is likely the issues, and deleting all cookies should solve
> it.
> >
>
> in your cflocation tags you need to use addtoken="no" otherwise this can
> > cause problems
>
>
> Yeah, What Russ said. Had the exact same thing happen to me. You would
> login fine and as soon as you clicked a link or submitted a form it would
> boot you out.
>
> One tip, on IE 10 or 11 (I forget). You will need to delete the cookies
> manually and not using the delete button in the Browser History dialog. At
> least I had to. Deleting cookies using the Browser history dialog did not
> fix the problem in my case.
>
> Tools >> Internet Options >>General >> Settings (under Browser history) >>
> View files >> and delete them there. I just deleted everything in that
> folder.
>
> HTH
> G!
>
> --
> Gerald Guido
>
> Twitter 
> Blarg 
> Facebook 
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357882
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Les Mizzell]

 > The best solution, in my opinion, is to switch to J2EE sessions,
 > assuming you can invest the time and effort to do that.

I'm having almost the exact same problem. My login system, had been 
working perfectly (CF8) until we moved everything to a new server with 
CF10 on it.

Now, Chrome will log you out as fast as you can log in.
The only exception is if I set - addtoken="yes" to the URLs. The second 
it hits a URL without the token, you're out. Not good.











So considering the above - what, in theory, would be the exact 
consequences in switching to J2EE sessions? I don't this there would be 
that much code that would need to be changed. I'm simply checking that 
session.isADMIN is true in my application file.  I admittedly don't have 
a super-technical understanding of exactly how things have changed 
between CF8 and CF10.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357881
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Gerald Guido]

On Thu, Mar 6, 2014 at 5:22 PM, Russ Michaels  wrote:

> see if there are multiple cfid/cftoken cookies set.
> if so, that is likely the issues, and deleting all cookies should solve it.
>

in your cflocation tags you need to use addtoken="no" otherwise this can
> cause problems


Yeah, What Russ said. Had the exact same thing happen to me. You would
login fine and as soon as you clicked a link or submitted a form it would
boot you out.

One tip, on IE 10 or 11 (I forget). You will need to delete the cookies
manually and not using the delete button in the Browser History dialog. At
least I had to. Deleting cookies using the Browser history dialog did not
fix the problem in my case.

Tools >> Internet Options >>General >> Settings (under Browser history) >>
View files >> and delete them there. I just deleted everything in that
folder.

HTH
G!

--
Gerald Guido

Twitter 
Blarg 
Facebook 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357880
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Carl Von Stetten]

+1 for J2EE sessions.
-Carl V.
On 3/7/2014 9:20 AM, Dave Watts wrote:
> The best solution, in my opinion, is to switch to J2EE sessions, 
> assuming you can invest the time and effort to do that.


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357878
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Dave Watts]

> Opening a private browser window will always solve the problem.  With that
> in mind, whats the best way to reset cookies on session start?  I am using
> application.cfm.  What could cause this?  Underlying CF code from the
> current site has barely changed.

The problem, I think, is related to changes in session management in
recent releases of CF to prevent session fixation vulnerabilities,
etc. You might have CFID/CFTOKEN cookies that have different domain
attributes, and CF is looking at the wrong ones, if I recall
correctly. Here's a workflow description from a guy who's smarter than
me:

- go to a site that uses restricted cookies:
  -> a cookie gets created (e.g. only valid for the path /admin);
- visit a page on the same domain, but outside the restriction:
  -> browser doesn't send cookie;
  -> a new cookie gets created (valid for /);
- go back to the restricted area:
  -> browser sends both cookies.

The best solution, in my opinion, is to switch to J2EE sessions,
assuming you can invest the time and effort to do that.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357877
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Carl Von Stetten]

I think it was pretty clear that code he listed was being used solely to 
diagnose a problem he was experiencing **on a production server** and 
from **multiple client computers**, and that wasn't necessarily 
reproducible on a development server.  And I don't think the code was 
meant for permanent use.  So I think your assumptions and gruffness and 
were a bit off the mark.

-Carl V.

On 3/6/2014 7:35 PM, Andrew Scott wrote:
> If you are going to be dumping things out in production, for the world to
> see, I would stop that habit. The last thing you want to do is annoy your
> clients / visitors with this stuff. People are not forgiving when they see
> these things on the screen, personally if you have to do this, for god sake
> lock this output down to your development IP address.
>
> Really Why do people insist on making changes directly on a production
> server... Seriously bad practice.
>
> Regards,
> Andrew Scott
> WebSite: http://www.andyscott.id.au/
> Google+:  http://plus.google.com/113032480415921517411
>


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357876
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Andrew Scott]

If you are going to be dumping things out in production, for the world to
see, I would stop that habit. The last thing you want to do is annoy your
clients / visitors with this stuff. People are not forgiving when they see
these things on the screen, personally if you have to do this, for god sake
lock this output down to your development IP address.

Really Why do people insist on making changes directly on a production
server... Seriously bad practice.

Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+:  http://plus.google.com/113032480415921517411



On Fri, Mar 7, 2014 at 12:56 PM, Money Pit  wrote:

>
> Yup I'm doing that.  Put together a test page so as to take all of my code
> out of the picture... although that back end has been fine for years... The
> redesign was just a re-skin.  But to be thorough I made this:
>
> name="test_0915"
>sessionmanagement="Yes"
>clientmanagement="Yes"
>sessiontimeout="#CreateTimeSpan(0,0,5,0)#"
>applicationtimeout="#CreateTimeSpan(0,2,0,0)#"
>setclientcookies="Yes"
>setdomaincookies="No">
> 
>  item="name"
> collection="#cookie#">
>  name="#name#"
> value=""
> expires="now">
> 
> 
> new.lelandwest.com/test/hello.cfm
> 
> 
> #now()#
> Clear cookie scope & reload
> page
> 
> client:#client.CFID# #client.cftoken#
> 
> session:#session.CFID# #session.cftoken#
> 
> cookie:#cookie.CFID# #cookie.cftoken#
> 
> 
> 
> 
>
> From the above I have learned that no matter what cfdump gives me two
> cfid's and two cftokens.  but only for the old workstations running
> XP/IE8.  Don't have good diagnostics installed yet to see complete cookie
> data.  After some tinkering (i.e. getting desperate) I put in the
> setclientcookies and setdomaincookies entries and things now seem to be
> working across all test machines (4 of them).  But I have had this turn
> around on me before so I'll revisit tomorrow when I get back in.
>
> :-|
>
> Thanks for your help!
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357875
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

Yup I'm doing that.  Put together a test page so as to take all of my code
out of the picture... although that back end has been fine for years... The
redesign was just a re-skin.  But to be thorough I made this:







new.lelandwest.com/test/hello.cfm


#now()#
Clear cookie scope & reload
page

client:#client.CFID# #client.cftoken#

session:#session.CFID# #session.cftoken#

cookie:#cookie.CFID# #cookie.cftoken#





>From the above I have learned that no matter what cfdump gives me two
cfid's and two cftokens.  but only for the old workstations running
XP/IE8.  Don't have good diagnostics installed yet to see complete cookie
data.  After some tinkering (i.e. getting desperate) I put in the
setclientcookies and setdomaincookies entries and things now seem to be
working across all test machines (4 of them).  But I have had this turn
around on me before so I'll revisit tomorrow when I get back in.

:-|

Thanks for your help!


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357874
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Russ Michaels]

in your cflocation tags you need to use addtoken="no" otherwise this can
cause problems

the IE security setting may be down to the cookie acceptance policy, I
don't know why that would make a difference, but worth comparing the 2
settings to see how it differs.



On Fri, Mar 7, 2014 at 12:50 AM, Money Pit  wrote:

>
> Nope I was down to one pair, and it was the pair just generated via the
> cflocation.  The code was doing its job.
>
> Another repeatable mystery:  If I turn down IE8's security from the default
> of Medium-High to Medium it will always fix the problem.  Same as with
> Private Browsing.
>
>
> On Thu, Mar 6, 2014 at 4:19 PM, Russ Michaels  wrote:
>
> >
> > so if you check the cookies after running your code, is there only one
> cfid
> > and cftoken, or is there still 2
> >
> >
> > On Fri, Mar 7, 2014 at 12:17 AM, Money Pit 
> wrote:
> >
> > >
> > > Well you were right I had multiple values, but problem persists. Ran
> code
> > > below in OnRequestEnd.cfm and verified it was doing its job as expected
> > > (deleting existing cookies, page reloads with new cfid and cftoken, and
> > the
> > > cReset cookie keeps it from happening all over again).  The code didn't
> > > hurt desktops that didn't have a problem, but it didn't help the ones
> > that
> > > did, unfortunately.  never seen anything like this... I usually don't
> > mess
> > > with cookies.
> > >
> > > 
> > >  > > item="name"
> > > collection="#cookie#">
> > >  > > name="#name#"
> > > value=""
> > > expires="now">
> > > 
> > >  > > name="cReset"
> > > value="1">
> > > 
> > >
> > >
> > > On Thu, Mar 6, 2014 at 2:22 PM, Russ Michaels 
> > wrote:
> > >
> > > >
> > > > check the cookies that have been set in the browser, there are addons
> > > that
> > > > will show you this.
> > > > see if there are multiple cfid/cftoken cookies set.
> > > > if so, that is likely the issues, and deleting all cookies should
> solve
> > > it.
> > > >
> > > >
> > > > On Thu, Mar 6, 2014 at 10:09 PM, Money Pit 
> > > wrote:
> > > >
> > > > >
> > > > > New site version running at http://new.lelandwest.com  On some
> older
> > > > > browsers (XP wkstns w/IE8 are definitely vulnerable) the site will
> > not
> > > > > maintain state - i.e. cfid and cftoken get new values on every page
> > > visit
> > > > > (they're displayed on screen right now).
> > > > >
> > > > > It doesn't always happen, even on the same workstation... if I get
> a
> > > > value
> > > > > to stick it will stay for the session, but I came back to one
> > > workstation
> > > > > this afternoon it was back to cycling cfid's again.
> > > > >
> > > > > Opening a private browser window will always solve the problem.
>  With
> > > > that
> > > > > in mind, whats the best way to reset cookies on session start?  I
> am
> > > > using
> > > > > application.cfm.  What could cause this?  Underlying CF code from
> the
> > > > > current site has barely changed.
> > > > >
> > > > > --
> > > > > --m@Robertson--
> > > > > Janitor, The Robertson Team
> > > > > mysecretbase.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357873
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

Nope I was down to one pair, and it was the pair just generated via the
cflocation.  The code was doing its job.

Another repeatable mystery:  If I turn down IE8's security from the default
of Medium-High to Medium it will always fix the problem.  Same as with
Private Browsing.


On Thu, Mar 6, 2014 at 4:19 PM, Russ Michaels  wrote:

>
> so if you check the cookies after running your code, is there only one cfid
> and cftoken, or is there still 2
>
>
> On Fri, Mar 7, 2014 at 12:17 AM, Money Pit  wrote:
>
> >
> > Well you were right I had multiple values, but problem persists. Ran code
> > below in OnRequestEnd.cfm and verified it was doing its job as expected
> > (deleting existing cookies, page reloads with new cfid and cftoken, and
> the
> > cReset cookie keeps it from happening all over again).  The code didn't
> > hurt desktops that didn't have a problem, but it didn't help the ones
> that
> > did, unfortunately.  never seen anything like this... I usually don't
> mess
> > with cookies.
> >
> > 
> >  > item="name"
> > collection="#cookie#">
> >  > name="#name#"
> > value=""
> > expires="now">
> > 
> >  > name="cReset"
> > value="1">
> > 
> >
> >
> > On Thu, Mar 6, 2014 at 2:22 PM, Russ Michaels 
> wrote:
> >
> > >
> > > check the cookies that have been set in the browser, there are addons
> > that
> > > will show you this.
> > > see if there are multiple cfid/cftoken cookies set.
> > > if so, that is likely the issues, and deleting all cookies should solve
> > it.
> > >
> > >
> > > On Thu, Mar 6, 2014 at 10:09 PM, Money Pit 
> > wrote:
> > >
> > > >
> > > > New site version running at http://new.lelandwest.com  On some older
> > > > browsers (XP wkstns w/IE8 are definitely vulnerable) the site will
> not
> > > > maintain state - i.e. cfid and cftoken get new values on every page
> > visit
> > > > (they're displayed on screen right now).
> > > >
> > > > It doesn't always happen, even on the same workstation... if I get a
> > > value
> > > > to stick it will stay for the session, but I came back to one
> > workstation
> > > > this afternoon it was back to cycling cfid's again.
> > > >
> > > > Opening a private browser window will always solve the problem.  With
> > > that
> > > > in mind, whats the best way to reset cookies on session start?  I am
> > > using
> > > > application.cfm.  What could cause this?  Underlying CF code from the
> > > > current site has barely changed.
> > > >
> > > > --
> > > > --m@Robertson--
> > > > Janitor, The Robertson Team
> > > > mysecretbase.com
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357872
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Russ Michaels]

so if you check the cookies after running your code, is there only one cfid
and cftoken, or is there still 2


On Fri, Mar 7, 2014 at 12:17 AM, Money Pit  wrote:

>
> Well you were right I had multiple values, but problem persists. Ran code
> below in OnRequestEnd.cfm and verified it was doing its job as expected
> (deleting existing cookies, page reloads with new cfid and cftoken, and the
> cReset cookie keeps it from happening all over again).  The code didn't
> hurt desktops that didn't have a problem, but it didn't help the ones that
> did, unfortunately.  never seen anything like this... I usually don't mess
> with cookies.
>
> 
>  item="name"
> collection="#cookie#">
>  name="#name#"
> value=""
> expires="now">
> 
>  name="cReset"
> value="1">
> 
>
>
> On Thu, Mar 6, 2014 at 2:22 PM, Russ Michaels  wrote:
>
> >
> > check the cookies that have been set in the browser, there are addons
> that
> > will show you this.
> > see if there are multiple cfid/cftoken cookies set.
> > if so, that is likely the issues, and deleting all cookies should solve
> it.
> >
> >
> > On Thu, Mar 6, 2014 at 10:09 PM, Money Pit 
> wrote:
> >
> > >
> > > New site version running at http://new.lelandwest.com  On some older
> > > browsers (XP wkstns w/IE8 are definitely vulnerable) the site will not
> > > maintain state - i.e. cfid and cftoken get new values on every page
> visit
> > > (they're displayed on screen right now).
> > >
> > > It doesn't always happen, even on the same workstation... if I get a
> > value
> > > to stick it will stay for the session, but I came back to one
> workstation
> > > this afternoon it was back to cycling cfid's again.
> > >
> > > Opening a private browser window will always solve the problem.  With
> > that
> > > in mind, whats the best way to reset cookies on session start?  I am
> > using
> > > application.cfm.  What could cause this?  Underlying CF code from the
> > > current site has barely changed.
> > >
> > > --
> > > --m@Robertson--
> > > Janitor, The Robertson Team
> > > mysecretbase.com
> > >
> > >
> > >
> >
> >
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357871
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Money Pit]

Well you were right I had multiple values, but problem persists. Ran code
below in OnRequestEnd.cfm and verified it was doing its job as expected
(deleting existing cookies, page reloads with new cfid and cftoken, and the
cReset cookie keeps it from happening all over again).  The code didn't
hurt desktops that didn't have a problem, but it didn't help the ones that
did, unfortunately.  never seen anything like this... I usually don't mess
with cookies.









On Thu, Mar 6, 2014 at 2:22 PM, Russ Michaels  wrote:

>
> check the cookies that have been set in the browser, there are addons that
> will show you this.
> see if there are multiple cfid/cftoken cookies set.
> if so, that is likely the issues, and deleting all cookies should solve it.
>
>
> On Thu, Mar 6, 2014 at 10:09 PM, Money Pit  wrote:
>
> >
> > New site version running at http://new.lelandwest.com  On some older
> > browsers (XP wkstns w/IE8 are definitely vulnerable) the site will not
> > maintain state - i.e. cfid and cftoken get new values on every page visit
> > (they're displayed on screen right now).
> >
> > It doesn't always happen, even on the same workstation... if I get a
> value
> > to stick it will stay for the session, but I came back to one workstation
> > this afternoon it was back to cycling cfid's again.
> >
> > Opening a private browser window will always solve the problem.  With
> that
> > in mind, whats the best way to reset cookies on session start?  I am
> using
> > application.cfm.  What could cause this?  Underlying CF code from the
> > current site has barely changed.
> >
> > --
> > --m@Robertson--
> > Janitor, The Robertson Team
> > mysecretbase.com
> >
> >
> >
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357870
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CF session management suddenly not sticking ...

[Russ Michaels]

check the cookies that have been set in the browser, there are addons that
will show you this.
see if there are multiple cfid/cftoken cookies set.
if so, that is likely the issues, and deleting all cookies should solve it.


On Thu, Mar 6, 2014 at 10:09 PM, Money Pit  wrote:

>
> New site version running at http://new.lelandwest.com  On some older
> browsers (XP wkstns w/IE8 are definitely vulnerable) the site will not
> maintain state - i.e. cfid and cftoken get new values on every page visit
> (they're displayed on screen right now).
>
> It doesn't always happen, even on the same workstation... if I get a value
> to stick it will stay for the session, but I came back to one workstation
> this afternoon it was back to cycling cfid's again.
>
> Opening a private browser window will always solve the problem.  With that
> in mind, whats the best way to reset cookies on session start?  I am using
> application.cfm.  What could cause this?  Underlying CF code from the
> current site has barely changed.
>
> --
> --m@Robertson--
> Janitor, The Robertson Team
> mysecretbase.com
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357869
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

CF session management suddenly not sticking ...

[Money Pit]

New site version running at http://new.lelandwest.com  On some older
browsers (XP wkstns w/IE8 are definitely vulnerable) the site will not
maintain state - i.e. cfid and cftoken get new values on every page visit
(they're displayed on screen right now).

It doesn't always happen, even on the same workstation... if I get a value
to stick it will stay for the session, but I came back to one workstation
this afternoon it was back to cycling cfid's again.

Opening a private browser window will always solve the problem.  With that
in mind, whats the best way to reset cookies on session start?  I am using
application.cfm.  What could cause this?  Underlying CF code from the
current site has barely changed.

-- 
--m@Robertson--
Janitor, The Robertson Team
mysecretbase.com


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357868
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Question about session management

[Russ Michaels]

If you do not want to use the CreatetimeSpan function you have to still use
the same format as the CreatetimeSpan fucntion uses.



On Fri, Jul 19, 2013 at 2:56 PM, DeMarco, Alex wrote:

>
> Just a quick follow up
>
> If I set the sessiontimeout=5  (not using the createtimespan function)
>
> Is that 5 days?
>
> - Alex
>
>
>
> -Original Message-
> From: DeMarco, Alex [mailto:alex.dema...@suny.edu]
> Sent: Thursday, July 18, 2013 8:31 PM
> To: cf-talk
> Subject: Re: Question about session management
>
>
> Ahh okay thank you!
>
>
>
> - Alex
>
>
>
>  Original message 
> From: Dave Watts 
> Date: 07/18/2013 8:29 PM (GMT-05:00)
> To: cf-talk 
> Subject: Re: Question about session management
>
>
>
> > If I have a path:
> >
> > /inetpub/myapp
> >
> > In /myapp I have an application .cfm in   it has a application name of
> MYAPPNAME with a sessiontimeout of 30 minutes
> >
> > But in /inetpub/myapp/login  I have another application.cfm with an
> > application name of MYAPPNAME with a sessiontimeout of 30 minutes
> >
> > Will CFMX create 2 sessions per visitor?
>
> No, because both directories' Application.cfm files contain the same
> application name.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
>
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA
> Schedule, and provides the highest caliber vendor-authorized instruction at
> our training centers, online, or onsite.
>
>
>
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356244
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Question about session management

[DeMarco, Alex]

Just a quick follow up

If I set the sessiontimeout=5  (not using the createtimespan function)

Is that 5 days? 

- Alex



-Original Message-
From: DeMarco, Alex [mailto:alex.dema...@suny.edu] 
Sent: Thursday, July 18, 2013 8:31 PM
To: cf-talk
Subject: Re: Question about session management


Ahh okay thank you!



- Alex



 Original message 
From: Dave Watts 
Date: 07/18/2013 8:29 PM (GMT-05:00)
To: cf-talk 
Subject: Re: Question about session management



> If I have a path:
>
> /inetpub/myapp
>
> In /myapp I have an application .cfm in   it has a application name of 
> MYAPPNAME with a sessiontimeout of 30 minutes
>
> But in /inetpub/myapp/login  I have another application.cfm with an 
> application name of MYAPPNAME with a sessiontimeout of 30 minutes
>
> Will CFMX create 2 sessions per visitor?

No, because both directories' Application.cfm files contain the same 
application name.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and 
provides the highest caliber vendor-authorized instruction at our training 
centers, online, or onsite.





~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356243
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Question about session management

[David Phelan]

However, there is no reason to have an application.cfm file in your login 
directory as CF will move up the directory tree until it finds an 
application.cfm file and use it.

David Phelan  
Web Developer   
IT Security & Web Technologies
  
Emerging Health
Montefiore Information Technology
3 Odell Plaza, Yonkers, NY 10701
914-457-6465 Office
862-234-9109 Cell
dphe...@emerginghealthit.com
www.emerginghealthit.com
www.montefiore.org



-Original Message-
From: DeMarco, Alex [mailto:alex.dema...@suny.edu] 
Sent: Thursday, July 18, 2013 8:31 PM
To: cf-talk
Subject: Re: Question about session management


Ahh okay thank you!



- Alex



 Original message 
From: Dave Watts 
Date: 07/18/2013 8:29 PM (GMT-05:00)
To: cf-talk 
Subject: Re: Question about session management



> If I have a path:
>
> /inetpub/myapp
>
> In /myapp I have an application .cfm in   it has a application name of 
> MYAPPNAME with a sessiontimeout of 30 minutes
>
> But in /inetpub/myapp/login  I have another application.cfm with an 
> application name of MYAPPNAME with a sessiontimeout of 30 minutes
>
> Will CFMX create 2 sessions per visitor?

No, because both directories' Application.cfm files contain the same 
application name.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and 
provides the highest caliber vendor-authorized instruction at our training 
centers, online, or onsite.





~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356241
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Question about session management

[DeMarco, Alex]

Ahh okay thank you!



- Alex



 Original message 
From: Dave Watts 
Date: 07/18/2013 8:29 PM (GMT-05:00)
To: cf-talk 
Subject: Re: Question about session management



> If I have a path:
>
> /inetpub/myapp
>
> In /myapp I have an application .cfm in   it has a application name of 
> MYAPPNAME with a sessiontimeout of 30 minutes
>
> But in /inetpub/myapp/login  I have another application.cfm with an 
> application name of MYAPPNAME with a sessiontimeout of 30 minutes
>
> Will CFMX create 2 sessions per visitor?

No, because both directories' Application.cfm files contain the same
application name.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356240
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Question about session management

[Dave Watts]

> If I have a path:
>
> /inetpub/myapp
>
> In /myapp I have an application .cfm in   it has a application name of 
> MYAPPNAME with a sessiontimeout of 30 minutes
>
> But in /inetpub/myapp/login  I have another application.cfm with an 
> application name of MYAPPNAME with a sessiontimeout of 30 minutes
>
> Will CFMX create 2 sessions per visitor?

No, because both directories' Application.cfm files contain the same
application name.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356239
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Question about session management

[DeMarco, Alex]

I am a bit out of practice with regards to session management.

If I have a path:

/inetpub/myapp

In /myapp I have an application .cfm in   it has a application name of 
MYAPPNAME with a sessiontimeout of 30 minutes

But in /inetpub/myapp/login  I have another application.cfm with an application 
name of MYAPPNAME with a sessiontimeout of 30 minutes

Will CFMX create 2 sessions per visitor?

(I hope I explained this correctly)

Thanks for the help.

[circle]<http://www.suny.edu/>

Alex DeMarco
Manager of Technical Services
The State University of New York
State University Plaza - Albany, New York 12246
Tel: 518.320.1398Fax: 518.320.1550
Be a part of Generation SUNY: Facebook<http://www.facebook.com/generationsuny> 
- Twitter<http://www.twitter.com/generationsuny> - 
YouTube<http://www.youtube.com/generationsuny>





~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356238
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

ColdFusion & LCDS Session Management

[Josh Dura]

Has anyone on the list had any experience implementing session 
management for LiveCycle Data Services into ColdFusion 9? I am building 
an app using CF, Flex & LCDS and am trying to find a way to call a few 
clean up methods on the CF side when a user disconnects. Unfortunately, 
I haven't found much online other than a few unanswered questions on the 
same topic.

I am pretty new to CF & LCDS, but it seems it would need to use the 
FlexSession Java class (something like this... 
http://sujitreddyg.wordpress.com/2008/05/16/session-data-management-in-flex-remoting/),
 
but I have no idea how to use java event listeners within CF. Thanks for 
any help ahead of time.

Josh Dura


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339438
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: JREE Servers (was Session Management - sticky sessions)

[Brad Wood]

> Hope that helps?

Very much so-- thanks.
I need to find (or make) a big Venn diagram that shows all these
relations...

~Brad

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295329
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: JREE Servers (was Session Management - sticky sessions)

[Sean Corfield]

On Dec 23, 2007 11:13 PM, Brad Wood <[EMAIL PROTECTED]> wrote:
> I'll admit, it's nice how well CF simplifies the "messy" stuff, but messing 
> with the mutli-server install has a way of dumping you waist-deep with the 
> unfamiliar (and previously hidden) world of Java.

True. I prefer the multiserver install because I have a Java
background and I like the extra level of control and flexibility.

> The JRE (or SDK) runs on the OS.  This is what defines what version of Java 
> you are on.  Would it best be described as a compiler,  interpreter, a VM, 
> or??

The VM is the Virtual Machine that interprets the Java bytecode and
(on some JVMs like Sun's HotSpot system) compiles bytecode to machine
code for extra performance.

The JRE is the Java Runtime Environment which includes the JVM as well
as all of the libraries needed to run (most) Java applications. This
is also referred to as J2SE and, now, Java SE (Standard Edition) since
we're a long way past Java 2.

The JDK is the Java Development Kit and includes the compiler and some
other stuff (as well as the JRE).

Then there's J2EE which is now known as Java EE - Enterprise Edition.
This includes all of the additional libraries and tools for writing
Enterprise Java Beans and all of the "optional" stuff in the EE spec
above and beyond the SE spec.

> Then your app server runs on that.  This is JRun, or WebShpere or whatever. 
> (This is the J2EE part, right?)

Yes, a Java EE app server runs on top of the JRE and provides all of
the libraries etc that are part of EE (above and beyond SE).

But Tomcat - a Servlet container - also runs on top of the JRE. Think
of a Servlet container as a (fairly small) subset of a Java EE app
server.

> Then your CF instance(s) are deployed to the app server (possibly as an EAR 
> or a WAR).

Right, CF can run on "any" Servlet container such as Tomcat or "any"
Java EE app server. A WAR can be deployed on a Servlet container. An
EAR requires a Java EE server.

Hope that helps?
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295326
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: JREE Servers (was Session Management - sticky sessions)

[Brad Wood]

Actually, thank you for the clarification.  There are many acronyms in the Java 
world that I only partially understand sometimes.  JRE, J2EE, JDK, JVM, EAR, 
WAR, ANT, JRun,  etc...
 
I'll admit, it's nice how well CF simplifies the "messy" stuff, but messing 
with the mutli-server install has a way of dumping you waist-deep with the 
unfamiliar (and previously hidden) world of Java.
 
Sometimes I wish I had a Java background since I'm a kind of guy who wants to 
understand how it all works.
 
So, to get this straight:
The JRE (or SDK) runs on the OS.  This is what defines what version of Java you 
are on.  Would it best be described as a compiler,  interpreter, a VM, or??
Then your app server runs on that.  This is JRun, or WebShpere or whatever. 
(This is the J2EE part, right?)
Then your CF instance(s) are deployed to the app server (possibly as an EAR or 
a WAR).
 
Did I say it right?
 
~Brad

JRun is not a JRE. JRun uses whatever JRE (actually JDK) that you've configured.

Same for JBoss, WebSphere, WebLogic etc. You need a JDK in order to
run a Java app server.

Sorry to nit-pick but I think it's an important point and it's
indicative of how little most folks really understand about the
underpinnings of ColdFusion (and that's not a criticism since the
whole point of CFML is to hide all that stuff).


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295316
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: JREE Servers (was Session Management - sticky sessions)

[Sean Corfield]

On Dec 20, 2007 12:26 PM, Brad Wood <[EMAIL PROTECTED]> wrote:
> Can I get a show of hands (off-list probably) from people out there
> using any JRE other than JRUN?

JRun is not a JRE. JRun uses whatever JRE (actually JDK) that you've configured.

Same for JBoss, WebSphere, WebLogic etc. You need a JDK in order to
run a Java app server.

Sorry to nit-pick but I think it's an important point and it's
indicative of how little most folks really understand about the
underpinnings of ColdFusion (and that's not a criticism since the
whole point of CFML is to hide all that stuff).

In answer to your question, I use JRun as my underlying app server in
almost 100% of cases. I have also used JBoss but I really don't like
it much (it's "fussy" and clunky and spews endless informational
garbage in its default configuration). However, I *always* use the
multiserver installation of ColdFusion so I have the option of
multiple instances and using Java code "outside" ColdFusion.

I would argue most CFers should be perfectly happy with JRun (but then
I also strongly advocate *against* session replication :)
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295292
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: JREE Servers (was Session Management - sticky sessions)

[Brad Wood]

Thank you for the input Adam.

~Brad

-Original Message-
From: Adam Haskell [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 20, 2007 7:53 PM
To: CF-Talk
Subject: Re: JREE Servers (was Session Management - sticky sessions)

We use clustered CF servers, most sitting behind F5 switches. We do
sticky
sessions with Jboss and WebSphere and have session replication with
WebSphere. Not being an admin I like jboss as websphere is not easy to
admin
for a non admin type, its also expensive and heavy. You might note
though
that as far as I recall Jboss is only offically supported in
non-cluster, if
I recall this is more due to a lack of testing rather than a statement
that
it doesn't work.

In Feburary we are migrating all our servers to WebSphere, mainly for a
cost
advantage over Red Hat's support price hike on Jboss. I'm still a huge
Jboss
fan as Websphere does not supply a good development environment, unless
you
use WASD ($$ and bloated). The community edition of Websphere is
completely
different technology so do not think you can deploy to that locally and
have
the same results in production. For CF development I wouldn't expect it
to
be an issue but if you are doing Java development as well the Websphere
Community edition is no good, for now you are just as well of developing
on
Jboss.

If anyone ever has questions about CF on Websphere or Jboss I'm always
happy
to help, I'm a big fan of developing on jboss + CF.

Adam Haskell

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295251
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Session Management - sticky sessions

[Adam Haskell]

*opens mouth pours in coffee*

Ok ok I am following now, had to think about cfpresentation for a second and
its making sense.

Adam H

On Dec 21, 2007 7:06 AM, Jochem van Dieten <[EMAIL PROTECTED]> wrote:

> Adam Haskell wrote:
> > Thats not what I meant but I may not have understand Jochem's original
> > statement correctly. My statement was that a switch would route any
> outgoing
> > HTTP requests from the cluster node for the cluster back to the same
> node
> > (not subsequent incoming requests to the same node). Does that make any
> more
> > or less sense?
>
> It is clear what you mean. But it is not relevant for the matter of
> subsequent client requests in the case of cfimage and cfpresentation. It
> may be relevant in the case of scheduled tasks or cfdocument where CF
> tries to do a HTTP request to itself, but even in that case just getting
> to the right server does not guarantee you are getting to the right
> instance.
>
> Jochem
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295240
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Session Management - sticky sessions

[Jochem van Dieten]

Adam Haskell wrote:
> Thats not what I meant but I may not have understand Jochem's original
> statement correctly. My statement was that a switch would route any outgoing
> HTTP requests from the cluster node for the cluster back to the same node
> (not subsequent incoming requests to the same node). Does that make any more
> or less sense?

It is clear what you mean. But it is not relevant for the matter of 
subsequent client requests in the case of cfimage and cfpresentation. It 
may be relevant in the case of scheduled tasks or cfdocument where CF 
tries to do a HTTP request to itself, but even in that case just getting 
to the right server does not guarantee you are getting to the right 
instance.

Jochem

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295237
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Session Management - sticky sessions

[Adam Haskell]

Thats not what I meant but I may not have understand Jochem's original
statement correctly. My statement was that a switch would route any outgoing
HTTP requests from the cluster node for the cluster back to the same node
(not subsequent incoming requests to the same node). Does that make any more
or less sense?

Adam H

My Rant, erm Blog <http://cfrant.blogspot.com/>

On Dec 21, 2007 12:08 AM, James Holmes <[EMAIL PROTECTED]> wrote:

> Sure. The switch would do so via sticky sessions, so we're back to
> where we started - sticky sessions are necessary for a lot of
> functionality.
>
> On Dec 21, 2007 10:56 AM, Adam Haskell <[EMAIL PROTECTED]> wrote:
> > I'm not a sys admin so I might be off here but couldn't you get around
> this
> > with a switch that ensures requests coming off a certain server gets
> routed
> > properly?
> >
> > Adam Haskell
> >
> >
> > On Dec 19, 2007 6:18 PM, Jochem van Dieten <[EMAIL PROTECTED]>
> wrote:
> >
> > > Sean Corfield wrote:
> > > > The issue here is that if you do not have sticky session, you have
> to
> > > > be able to manage sessions that move between servers at will. That
> > > > means that either:
> > > > 1) you use client scope instead of session scope (with all the
> > > > attendant restrictions)
> > > > 2) you write your own session management based on cookies
> > > > 3) you rely on session replication (and, if you're not on CF8, make
> > > > sure you don't put CFCs in session scope - and if you are on CF8,
> make
> > > > sure you don't put arrays in the CFCs that are in session scope -
> and
> > > > whatever other restrictions there are)
> > >
> > > No queries either.
> > >
> > > 4. You do not use cfimage, cfpresentation, and other tags that rely on
> 2
> > > subsequent requests to be directed to the same instance.
> > >
> > > Jochem
> > >
> > >
> > >
> >
> >
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295236
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Session Management - sticky sessions

[James Holmes]

Sure. The switch would do so via sticky sessions, so we're back to
where we started - sticky sessions are necessary for a lot of
functionality.

On Dec 21, 2007 10:56 AM, Adam Haskell <[EMAIL PROTECTED]> wrote:
> I'm not a sys admin so I might be off here but couldn't you get around this
> with a switch that ensures requests coming off a certain server gets routed
> properly?
>
> Adam Haskell
>
>
> On Dec 19, 2007 6:18 PM, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
>
> > Sean Corfield wrote:
> > > The issue here is that if you do not have sticky session, you have to
> > > be able to manage sessions that move between servers at will. That
> > > means that either:
> > > 1) you use client scope instead of session scope (with all the
> > > attendant restrictions)
> > > 2) you write your own session management based on cookies
> > > 3) you rely on session replication (and, if you're not on CF8, make
> > > sure you don't put CFCs in session scope - and if you are on CF8, make
> > > sure you don't put arrays in the CFCs that are in session scope - and
> > > whatever other restrictions there are)
> >
> > No queries either.
> >
> > 4. You do not use cfimage, cfpresentation, and other tags that rely on 2
> > subsequent requests to be directed to the same instance.
> >
> > Jochem
> >
> >
> >
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295231
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Session Management - sticky sessions

[Adam Haskell]

I'm not a sys admin so I might be off here but couldn't you get around this
with a switch that ensures requests coming off a certain server gets routed
properly?

Adam Haskell


On Dec 19, 2007 6:18 PM, Jochem van Dieten <[EMAIL PROTECTED]> wrote:

> Sean Corfield wrote:
> > The issue here is that if you do not have sticky session, you have to
> > be able to manage sessions that move between servers at will. That
> > means that either:
> > 1) you use client scope instead of session scope (with all the
> > attendant restrictions)
> > 2) you write your own session management based on cookies
> > 3) you rely on session replication (and, if you're not on CF8, make
> > sure you don't put CFCs in session scope - and if you are on CF8, make
> > sure you don't put arrays in the CFCs that are in session scope - and
> > whatever other restrictions there are)
>
> No queries either.
>
> 4. You do not use cfimage, cfpresentation, and other tags that rely on 2
> subsequent requests to be directed to the same instance.
>
> Jochem
>
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295222
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: JREE Servers (was Session Management - sticky sessions)

[Adam Haskell]

We use clustered CF servers, most sitting behind F5 switches. We do sticky
sessions with Jboss and WebSphere and have session replication with
WebSphere. Not being an admin I like jboss as websphere is not easy to admin
for a non admin type, its also expensive and heavy. You might note though
that as far as I recall Jboss is only offically supported in non-cluster, if
I recall this is more due to a lack of testing rather than a statement that
it doesn't work.

In Feburary we are migrating all our servers to WebSphere, mainly for a cost
advantage over Red Hat's support price hike on Jboss. I'm still a huge Jboss
fan as Websphere does not supply a good development environment, unless you
use WASD ($$ and bloated). The community edition of Websphere is completely
different technology so do not think you can deploy to that locally and have
the same results in production. For CF development I wouldn't expect it to
be an issue but if you are doing Java development as well the Websphere
Community edition is no good, for now you are just as well of developing on
Jboss.

If anyone ever has questions about CF on Websphere or Jboss I'm always happy
to help, I'm a big fan of developing on jboss + CF.

Adam Haskell


On Dec 20, 2007 3:26 PM, Brad Wood <[EMAIL PROTECTED]> wrote:

> > You'd think.  However, JRun is dead as an independent platform.  From
> > hence force forward, no new updates unless CF requires it.  Not many
> care, > > however ;).
>
> I see.
> There never seems to be an over-abundance of people on the list willing
> to answer questions about JRun, let along other J2EE servers.  Maybe
> that is because most people are using single-instance installs and don't
> know/care about the man behind the Java curtain.
>
> Can I get a show of hands (off-list probably) from people out there
> using any JRE other than JRUN?  Sometimes I think Dave W, Sean, and
> Jochem are the only people with experience in that realm.  (And their
> help is always much
> appreciated!)  Heck, raise your hand if you use JRun in Multi-Server
> mode too.
>
> One thing I don't want to do is move to another J2EE platform because it
> think it has more features and then find myself all alone.  :)
>
> Thanks.
>
> ~Brad
>
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295221
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: JREE Servers (was Session Management - sticky sessions)

[Matthew Williams]

>+1 for Mutli-Instance on JRun

Here as well.  Also running clustering.

Matthew Williams


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295218
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: JREE Servers (was Session Management - sticky sessions)

[Rich]

+1 for Mutli-Instance on JRun 


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295216
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: JREE Servers (was Session Management - sticky sessions)

[Brad Wood]

> You'd think.  However, JRun is dead as an independent platform.  From 
> hence force forward, no new updates unless CF requires it.  Not many
care, > > however ;).

I see.
There never seems to be an over-abundance of people on the list willing
to answer questions about JRun, let along other J2EE servers.  Maybe
that is because most people are using single-instance installs and don't
know/care about the man behind the Java curtain.

Can I get a show of hands (off-list probably) from people out there
using any JRE other than JRUN?  Sometimes I think Dave W, Sean, and
Jochem are the only people with experience in that realm.  (And their
help is always much 
appreciated!)  Heck, raise your hand if you use JRun in Multi-Server
mode too.

One thing I don't want to do is move to another J2EE platform because it
think it has more features and then find myself all alone.  :)

Thanks.

~Brad


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295211
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: JREE Servers (was Session Management - sticky sessions)

[Matthew Williams]

>Interesting.
>
>Updater 7, huh?  Isn't it about time for JRun 5?  :)
>
>~Brad

You'd think.  However, JRun is dead as an independent platform.  From hence 
force forward, no new updates unless CF requires it.  Not many care, however ;).

Matthew Williams
Geodesic GraFX
www.geodesicgrafx.com/blog 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295209
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: JREE Servers (was Session Management - sticky sessions)

[Brad Wood]

Interesting.

Updater 7, huh?  Isn't it about time for JRun 5?  :)

~Brad

-Original Message-
From: Matthew Williams [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 19, 2007 9:22 PM
To: CF-Talk
Subject: Re: JREE Servers (was Session Management - sticky sessions)

But wait!  Adobe just released updater 7 for JRun 4.  It's supposed to
have vastly improved on the clustering interfacing by reducing a bunch
of the overhead.  I'm slated to test this on my shared servers for this
coming year.


Matthew Williams
Geodesic GraFX
www.geodesicgrafx.com/blog 



~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295198
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: JREE Servers (was Session Management - sticky sessions)

[Mark Mandel]

Sean,

Any opinions on how JBoss compares against the two?

Mark

On Dec 20, 2007 6:07 PM, Sean Corfield <[EMAIL PROTECTED]> wrote:
> On Dec 19, 2007 7:21 PM, Matthew Williams <[EMAIL PROTECTED]> wrote:
> > But wait!  Adobe just released updater 7 for JRun 4.  It's supposed to have 
> > vastly improved on the clustering interfacing by reducing a bunch of the 
> > overhead.  I'm slated to test this on my shared servers for this coming 
> > year.
>
> Ah, I haven't seen the release notes for that yet...
>
> As Dave says tho', JRun is a mid-range J2EE server but the question
> (for Brad) is what do you really need in a J2EE server that you're
> willing to pay, say, $10k per CPU for one?
>
> Whilst JRun's session replication may have its flaws, I contend that
> the vast majority of sites don't need anything more sophisticated. CF
> itself runs in a Servlet container perfectly happily, for example
> Tomcat, and you can now run CF on JBoss as a supported configuration.
>
> WebSphere and WebLogic are very sophisticated systems, very robust -
> and very expensive.
> --
> Sean A Corfield -- (904) 302-SEAN
> An Architect's View -- http://corfield.org/
>
> "If you're not annoying somebody, you're not really alive."
> -- Margaret Atwood
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295168
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: JREE Servers (was Session Management - sticky sessions)

[Sean Corfield]

On Dec 19, 2007 7:21 PM, Matthew Williams <[EMAIL PROTECTED]> wrote:
> But wait!  Adobe just released updater 7 for JRun 4.  It's supposed to have 
> vastly improved on the clustering interfacing by reducing a bunch of the 
> overhead.  I'm slated to test this on my shared servers for this coming year.

Ah, I haven't seen the release notes for that yet...

As Dave says tho', JRun is a mid-range J2EE server but the question
(for Brad) is what do you really need in a J2EE server that you're
willing to pay, say, $10k per CPU for one?

Whilst JRun's session replication may have its flaws, I contend that
the vast majority of sites don't need anything more sophisticated. CF
itself runs in a Servlet container perfectly happily, for example
Tomcat, and you can now run CF on JBoss as a supported configuration.

WebSphere and WebLogic are very sophisticated systems, very robust -
and very expensive.
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295167
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: JREE Servers (was Session Management - sticky sessions)

[Matthew Williams]

But wait!  Adobe just released updater 7 for JRun 4.  It's supposed to have 
vastly improved on the clustering interfacing by reducing a bunch of the 
overhead.  I'm slated to test this on my shared servers for this coming year.


Matthew Williams
Geodesic GraFX
www.geodesicgrafx.com/blog 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295163
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: JREE Servers (was Session Management - sticky sessions)

[Brad Wood]

Thanks for the insight as usual, Dave.  

Sean's comment has got me thinking about seriously considering a J2EE
platform other than JRun.

Can anyone find any good resources which juxtapose the features, ease of
use, cost etc of major J2EE players.  I Googled for a while and couldn't
turn up much.

Thanks.

~Brad

JRun is not an enterprise J2EE server, it's a "midrange" J2EE server.
WebSphere and WebLogic are enterprise servers. I haven't worked with
WebLogic, but WebSphere has LOTS of functionality beyond what JRun
offers.
Of course, that functionality comes at a cost - it's very complicated.

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295157
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: JREE Servers (was Session Management - sticky sessions)

[Dave Watts]

> Funny you say that-- I had always assumed that people DID 
> view JRUN as an "enterprise" J2EE server.  I have always been 
> reticent to move away from JRUN because I expected CF to work 
> more reliably with it and support to be more readily 
> available.  Of course neither of those factors necessarily 
> preclude the possibility that JRUN may lack in its session 
> replication.  
> 
> We are in the process of trying to consolidate our CF apps 
> and Java apps so they can be deployed on the same J2EE 
> server.  Our Java team has used WebSphere, JBoss, Tomcat and 
> JRUN in the past.  Do you have a personal preference over 
> JRUN, Sean?  Or anyone for that matter who has experience.

JRun is not an enterprise J2EE server, it's a "midrange" J2EE server.
WebSphere and WebLogic are enterprise servers. I haven't worked with
WebLogic, but WebSphere has LOTS of functionality beyond what JRun offers.
Of course, that functionality comes at a cost - it's very complicated.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295153
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Session Management - sticky sessions

[Jochem van Dieten]

Sean Corfield wrote:
> The issue here is that if you do not have sticky session, you have to
> be able to manage sessions that move between servers at will. That
> means that either:
> 1) you use client scope instead of session scope (with all the
> attendant restrictions)
> 2) you write your own session management based on cookies
> 3) you rely on session replication (and, if you're not on CF8, make
> sure you don't put CFCs in session scope - and if you are on CF8, make
> sure you don't put arrays in the CFCs that are in session scope - and
> whatever other restrictions there are)

No queries either.

4. You do not use cfimage, cfpresentation, and other tags that rely on 2 
subsequent requests to be directed to the same instance.

Jochem


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295151
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

JREE Servers (was Session Management - sticky sessions)

[Brad Wood]

> I'd generally recommend you use an
> "enterprise" J2EE server that does replication in an intelligent way -
> i.e., not JRun).

Funny you say that-- I had always assumed that people DID view JRUN as
an "enterprise" J2EE server.  I have always been reticent to move away
from JRUN because I expected CF to work more reliably with it and
support to be more readily available.  Of course neither of those
factors necessarily preclude the possibility that JRUN may lack in its
session replication.  

We are in the process of trying to consolidate our CF apps and Java apps
so they can be deployed on the same J2EE server.  Our Java team has used
WebSphere, JBoss, Tomcat and JRUN in the past.  Do you have a personal
preference over JRUN, Sean?  Or anyone for that matter who has
experience.

~Brad


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295148
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Session Management - sticky sessions

[Sean Corfield]

On Dec 19, 2007 2:03 PM,  <[EMAIL PROTECTED]> wrote:
> The reason why I ask is, we have a coupon application that doesn't work with 
> sticky
> sessions and only works with the standard sessions management option.

That statement doesn't make any sense - how can an application *not*
work with sticky sessions? That would mean it doesn't work on a single
server...

The issue here is that if you do not have sticky session, you have to
be able to manage sessions that move between servers at will. That
means that either:
1) you use client scope instead of session scope (with all the
attendant restrictions)
2) you write your own session management based on cookies
3) you rely on session replication (and, if you're not on CF8, make
sure you don't put CFCs in session scope - and if you are on CF8, make
sure you don't put arrays in the CFCs that are in session scope - and
whatever other restrictions there are)

Session replication can introduce a *lot* of network overhead between
your servers as they all try to keep each other's session data in sync
(and that can lead to performance problems or latency and session
failure anyway). I don't recommend session replication except in very,
very specific situations (and I'd generally recommend you use an
"enterprise" J2EE server that does replication in an intelligent way -
i.e., not JRun).
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295144
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Session Management - sticky sessions

[coldfusion . developer]

All,  Do I have this correct?

If your site is running on a cluster, in order to manage session variables 
properly,
you want to use the Java option within the CFadmin to manage session variables
cause the sessions will be foreced to use the server that initiated the session 
management?
Correct?

So in the case of a Forums application we would need to have this and only this
option setup, Correct?  

The reason why I ask is, we have a coupon application that doesn't work with 
sticky
sessions and only works with the standard sessions management option.  Is there 
any
other way to get reliable session management on a cluster configuration using 
standard
session management without having to go to sticky sessions?  The only thing I 
can think of
is using cookies so the information is stored on the client side.

Any other thoughts?

D

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295143
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: How to Prevent Simultaneous Login / Session Management

[Bobby Hartsfield]

You are going to have to be MUCH more specific. 
How are you logging users in? 
Using Sessions?
If so, what is in the session?

Code is the universal language here :-)

..:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com

-Original Message-
From: thanh huy [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 02, 2007 3:06 AM
To: CF-Talk
Subject: Re: How to Prevent Simultaneous Login / Session Management

hi Bobby Hartsfield,
Could you tell me how to create the structure 'user' as you said.And  where
to put it?in Application.cfm file?
I check userID that try to login by  as you has shown,put the  code
in Login.cfm page,but error is at  tag.
Could you help me the solution,more clearly.
Thanks very much 



~|
Create robust enterprise, web RIAs.
Upgrade to ColdFusion 8 and integrate with Adobe Flex
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285198
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: How to Prevent Simultaneous Login / Session Management

[thanh huy]

hi Bobby Hartsfield,
Could you tell me how to create the structure 'user' as you said.And
 where to put it?in Application.cfm file?
I check userID that try to login by  as you has shown,put the
 code in Login.cfm page,but error is at  tag.
Could you help me the solution,more clearly.
Thanks very much 

~|
Download the latest ColdFusion 8 utilities including Report Builder,
plug-ins for Eclipse and Dreamweaver updates.
http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285141
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: How to Prevent Simultaneous Login / Session Management

[thanh huy]

hi Bobby Hartsfield,
Could you tell me how to create the structure 'user' as you said.And
 where to put it?in Application.cfm file?
I check userID that try to login by  as you has shown,put the
 code in Login.cfm page,but error is at  tag.
Could you help me the solution,more clearly.
Thanks very much 

~|
Create robust enterprise, web RIAs.
Upgrade to ColdFusion 8 and integrate with Adobe Flex
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285139
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: How to Prevent Simultaneous Login / Session Management

[James Holmes]

If you want the session to end (as far as CF is concerned) on browser
close you will have to trap an event with JS and do an ajax call to
cleanup the session on the server.

On 6/22/07, Paul Henderson <[EMAIL PROTECTED]> wrote:
> Thanks for all the feedback guys, I think the bumping technique described by 
> Jim and Josh will work best for me in this situation. Although it would be 
> niec to have a bullet proof login where simultaneous logins are denied, 
> sessions end on browser close or disconnect and users can log back in without 
> waiting for a session to timeout...maybe in CF9.

-- 
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

~|
CF 8 – Scorpio beta now available, 
easily build great internet experiences – Try it now on Labs
http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281863
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: How to Prevent Simultaneous Login / Session Management

[Paul Henderson]

Thanks for all the feedback guys, I think the bumping technique described by 
Jim and Josh will work best for me in this situation. Although it would be niec 
to have a bullet proof login where simultaneous logins are denied, sessions end 
on browser close or disconnect and users can log back in without waiting for a 
session to timeout...maybe in CF9.


-Original Message-
From: Jim Davis [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 21, 2007 2:38 PM
To: CF-Talk
Subject: Re: How to Prevent Simultaneous Login / Session Management

>I know I can prevent any simultaneous logins by simply flagging the account
>as "logged in" when a user logins. However, if the user closes the browser
>or is disconnected without properly logging out, how would I go about
>allowing them to log back in? Since as far as I know, the server and
>database would therefore have no way of knowing the user disconnected and
>would still see the user as logged in. I thought OnSessionEnd would do the
>trick, but as was pointed out to me on this list OnSessionEnd only runs when
>the session expires, not when the user disconnects. Any ideas are much
>appreciated, thanks.

Forgetting the actual coding involved there are at least two schools of thought 
on this.

+) Token-Based Refusal

In this style you'd store a token (as simple as an IP address but you might 
also include User Agent or anything else you can get your hands on or place a 
GUID in a cookie) along with the "logged in" status.  When another login is 
attempted using the same credentials you'd compare the information: if it's the 
same you'd allow the access.

If the user accidentally closes the browser they still have to log in, but if 
the info matches they get in immediately.

It isn't perfect (far from it) but it works well enough.  One issue is how to 
mange the information: you can't keep it forever (or else you'd be tying use of 
the application to a single computer).  Often you might manage this by having 
the information valid only as long as long as the session is (that way whether 
or not it's the same person logging in there's no conflict).  But you still 
might run into problems.

+) Bumping

This is the system adopted by many Instant Messaging systems: a new logon will 
kill a current log on.  The message "You have logged in on another computer" 
epitomizes it.  The session from the old computer is eliminated completely and 
the new session becomes the "real" one.

This honestly annoys me with IM but you'd have to review the idea with your 
audience in mind.

If there are actually two people trying to use the same account this can result 
in a tug-of-war with the credential rights, but that might be what you want.


Both methods assume that you a) know the details of your user's status (know 
whose logged in) and b) can affect that status in some way.  If the existence 
of a session implies a login then you've lost control for example.

This usually means implementation of some kind of "logged in queue" or the 
like.  Once you can interrogate whose logged in and modify that status either 
of these options become much simpler to implement.

Jim Davis



~|
ColdFusion 8 beta – Build next generation applications today.
Free beta download on Labs
http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281845
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: How to Prevent Simultaneous Login / Session Management

[Jim Davis]

>I know I can prevent any simultaneous logins by simply flagging the account
>as "logged in" when a user logins. However, if the user closes the browser
>or is disconnected without properly logging out, how would I go about
>allowing them to log back in? Since as far as I know, the server and
>database would therefore have no way of knowing the user disconnected and
>would still see the user as logged in. I thought OnSessionEnd would do the
>trick, but as was pointed out to me on this list OnSessionEnd only runs when
>the session expires, not when the user disconnects. Any ideas are much
>appreciated, thanks.

Forgetting the actual coding involved there are at least two schools of thought 
on this.

+) Token-Based Refusal

In this style you'd store a token (as simple as an IP address but you might 
also include User Agent or anything else you can get your hands on or place a 
GUID in a cookie) along with the "logged in" status.  When another login is 
attempted using the same credentials you'd compare the information: if it's the 
same you'd allow the access.

If the user accidentally closes the browser they still have to log in, but if 
the info matches they get in immediately.

It isn't perfect (far from it) but it works well enough.  One issue is how to 
mange the information: you can't keep it forever (or else you'd be tying use of 
the application to a single computer).  Often you might manage this by having 
the information valid only as long as long as the session is (that way whether 
or not it's the same person logging in there's no conflict).  But you still 
might run into problems.

+) Bumping

This is the system adopted by many Instant Messaging systems: a new logon will 
kill a current log on.  The message "You have logged in on another computer" 
epitomizes it.  The session from the old computer is eliminated completely and 
the new session becomes the "real" one.

This honestly annoys me with IM but you'd have to review the idea with your 
audience in mind.

If there are actually two people trying to use the same account this can result 
in a tug-of-war with the credential rights, but that might be what you want.


Both methods assume that you a) know the details of your user's status (know 
whose logged in) and b) can affect that status in some way.  If the existence 
of a session implies a login then you've lost control for example.

This usually means implementation of some kind of "logged in queue" or the 
like.  Once you can interrogate whose logged in and modify that status either 
of these options become much simpler to implement.

Jim Davis

~|
ColdFusion 8 beta – Build next generation applications today.
Free beta download on Labs
http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281821
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: How to Prevent Simultaneous Login / Session Management

[Josh Nathanson]

> I know I can prevent any simultaneous logins by simply flagging the 
> account
> as "logged in" when a user logins. However, if the user closes the browser
> or is disconnected without properly logging out, how would I go about
> allowing them to log back in?

I think maybe, he means that he's trying to prevent two different people 
from logging in with same credentials.  In this scenario, a user who doesn't 
click a logout button or something, will not be allowed to log back in with 
his own credentials, because they are still marked "logged in".

What I've done, rather than use a "loggedin" boolean field, is create a 
separate field in the user table called "validate".  On login, you create a 
UUID and insert it into the validate db field, and also have a session 
variable with the same UUID.  On each request you check the session variable 
against the db variable and make sure they match.  If someone else logs in 
with the same credentials, a new UUID is inserted in the db, and the 
currently logged in person is logged out because their validation fails.

In this way, only one person at a time may be logged in with a certain 
credential, but you don't have the problem of them not being able to log 
back in before the session ends.

-- Josh



- Original Message - 
From: "Andy Matthews" <[EMAIL PROTECTED]>
To: "CF-Talk" 
Sent: Thursday, June 21, 2007 10:00 AM
Subject: RE: How to Prevent Simultaneous Login / Session Management


> You shouldn't have an issue with this.
>
> Their browser should keep the cookie related to their server session and
> remember that they're logged in. If the session expires before they reopen
> their browser, then they'll get redirected to the login screen anyway.
>
> andy
>
> -Original Message-
> From: Paul Henderson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 21, 2007 11:11 AM
> To: CF-Talk
> Subject: How to Prevent Simultaneous Login / Session Management
>
> I know I can prevent any simultaneous logins by simply flagging the 
> account
> as "logged in" when a user logins. However, if the user closes the browser
> or is disconnected without properly logging out, how would I go about
> allowing them to log back in? Since as far as I know, the server and
> database would therefore have no way of knowing the user disconnected and
> would still see the user as logged in. I thought OnSessionEnd would do the
> trick, but as was pointed out to me on this list OnSessionEnd only runs 
> when
> the session expires, not when the user disconnects. Any ideas are much
> appreciated, thanks.
>
>
>
>
>
>
>
>
>
>
>
> 

~|
CF 8 – Scorpio beta now available, 
easily build great internet experiences – Try it now on Labs
http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281818
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: How to Prevent Simultaneous Login / Session Management

[Mike Chabot]

If you don't want reuse sessions based on the value in the cookie, or
you want to prevent people who are intentionally trying to log in with
two sessions, kill any existing session that the person may have right
before logging them in with their new session. Keep track of active
sessions in the application structure. You should be able to find info
on tracking sessions in the application scope. I believe Ray Camden
has good info on his site about this.

Good luck,
Mike Chabot

On 6/21/07, Paul Henderson <[EMAIL PROTECTED]> wrote:
> I know I can prevent any simultaneous logins by simply flagging the account
> as "logged in" when a user logins. However, if the user closes the browser
> or is disconnected without properly logging out, how would I go about
> allowing them to log back in? Since as far as I know, the server and
> database would therefore have no way of knowing the user disconnected and
> would still see the user as logged in. I thought OnSessionEnd would do the
> trick, but as was pointed out to me on this list OnSessionEnd only runs when
> the session expires, not when the user disconnects. Any ideas are much
> appreciated, thanks.
>
>
>
>
>
>
>
>
>
> 

~|
Create Web Applications With ColdFusion MX7 & Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281815
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: How to Prevent Simultaneous Login / Session Management

[Bobby Hartsfield]

You could always just check the session scope for the account in question.
Whether the user has closed the browser and left their computer completely
or not doesn't really mean anything here. If the session is still there...
the account is technically logged in and there is really nothing you can do
but wait for it to time out since you don't know.

As for checking... the base of any login routine I write contains a basic
structure of info about the user to use throughout the session. Things like,
userid, username, emailaddress...
I store all of that info in a session structure like this when the user
jacks in ... 

session.myLoginSessionStructure.userID
session.myLoginSessionStructure.userName
session.myLoginSessionStructure.userEmailAddress
etc...

(actually I create a structure within session.myLoginSessionStructure called
'User' and store all the user specific info there but to keep it simple I'll
leave the extra struct out. I did do it this way at one time and it works
just as well.)

So if I want to check to see if a specific user's session exists by say...
their USERID... I would read each session.myLoginSessionStructure.userID
that is available and compare it to that UserID






users sesison already exists

users session does NOT already exist



..:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com


-Original Message-
From: Paul Henderson [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 21, 2007 12:11 PM
To: CF-Talk
Subject: How to Prevent Simultaneous Login / Session Management

I know I can prevent any simultaneous logins by simply flagging the account
as "logged in" when a user logins. However, if the user closes the browser
or is disconnected without properly logging out, how would I go about
allowing them to log back in? Since as far as I know, the server and
database would therefore have no way of knowing the user disconnected and
would still see the user as logged in. I thought OnSessionEnd would do the
trick, but as was pointed out to me on this list OnSessionEnd only runs when
the session expires, not when the user disconnects. Any ideas are much
appreciated, thanks.

 

 

 





~|
CF 8 – Scorpio beta now available, 
easily build great internet experiences – Try it now on Labs
http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281812
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: How to Prevent Simultaneous Login / Session Management

[Andy Matthews]

You shouldn't have an issue with this.

Their browser should keep the cookie related to their server session and
remember that they're logged in. If the session expires before they reopen
their browser, then they'll get redirected to the login screen anyway.

andy 

-Original Message-
From: Paul Henderson [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 21, 2007 11:11 AM
To: CF-Talk
Subject: How to Prevent Simultaneous Login / Session Management

I know I can prevent any simultaneous logins by simply flagging the account
as "logged in" when a user logins. However, if the user closes the browser
or is disconnected without properly logging out, how would I go about
allowing them to log back in? Since as far as I know, the server and
database would therefore have no way of knowing the user disconnected and
would still see the user as logged in. I thought OnSessionEnd would do the
trick, but as was pointed out to me on this list OnSessionEnd only runs when
the session expires, not when the user disconnects. Any ideas are much
appreciated, thanks.

 

 

 





~|
ColdFusion MX7 by Adobe®
Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. 
Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281802
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

How to Prevent Simultaneous Login / Session Management

[Paul Henderson]

I know I can prevent any simultaneous logins by simply flagging the account
as "logged in" when a user logins. However, if the user closes the browser
or is disconnected without properly logging out, how would I go about
allowing them to log back in? Since as far as I know, the server and
database would therefore have no way of knowing the user disconnected and
would still see the user as logged in. I thought OnSessionEnd would do the
trick, but as was pointed out to me on this list OnSessionEnd only runs when
the session expires, not when the user disconnects. Any ideas are much
appreciated, thanks.

 

 

 



~|
Macromedia ColdFusion MX7
Upgrade to MX7 & experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:281795
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: CFML and WML and session management

[Lee May]

> | But on real mobile device(SE, Nokia), it is different.When user 
> logout
> 
> | and select back, it shown the previous page and its content, but no
> | session timeout shown. And i found something funny, that is it
> | displays previous page without checking session.Does that means
> | session not existing? How to fix it?
> 
> Could it be that you see cached data+
> ###This message has been 
> scanned by F-Secure Anti-Virus for Microsoft 
> Exchange.Formore information, connect to http://www.F-Secure.com/ 


~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four 
times a year.
http://www.fusionauthority.com/quarterly

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252332
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: CFML and WML and session management

[Hugo Ahlenius]

| But on real mobile device(SE, Nokia), it is different.When user logout

| and select back, it shown the previous page and its content, but no
| session timeout shown. And i found something funny, that is it
| displays previous page without checking session.Does that means
| session not existing? How to fix it?

Could it be that you see cached data+
###This message has been scanned by 
F-Secure Anti-Virus for Microsoft 
Exchange.Formore information, connect to http://www.F-Secure.com/ 


~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four 
times a year.
http://www.fusionauthority.com/quarterly

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252012
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: CFML and WML and session management

[Lee May]

> | It work perfectly on emulator but not on real mobile devices.
> | When the user logout and click back on real mobile devices, the
> | previous content is viewable and i can see that session is not 
> working
> 
> | through-out the application. It shouldn't be like this. Please 
> help!!
> | Thanks in advanced.
> 
> a) make sure that the logout is recorded in the session variables --
> destroy user objects, clear the session struct, remove any variables
> that are set "SESSION.isLoggedIn" etc
> b) kill the session cookies
> 
> /Hugo
> ###This message has been 
> scanned by F-Secure Anti-Virus for Microsoft 
> Exchange.Formore information, connect to http://www.F-Secure.com/ 

Hi! I think I have done what you mentioned. I tested it on dopod, it is 
working, session variables is cleared, and when user select back, it will 
shown" Session- time out, please login again". It works perfectly on IE(mobile 
browser) and on emulator(openwave, NMIT, yospace) on PC.I wondering maybe is 
the browser problems.

But on real mobile device(SE, Nokia), it is different.When user logout and 
select back, it shown the previous page and its content, but no session timeout 
shown. And i found something funny, that is it displays previous page without 
checking session.Does that means session not existing? How to fix it?

~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four 
times a year.
http://www.fusionauthority.com/quarterly

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252011
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: CFML and WML and session management

[Hugo Ahlenius]

| It work perfectly on emulator but not on real mobile devices.
| When the user logout and click back on real mobile devices, the
| previous content is viewable and i can see that session is not working

| through-out the application. It shouldn't be like this. Please help!!
| Thanks in advanced.

a) make sure that the logout is recorded in the session variables --
destroy user objects, clear the session struct, remove any variables
that are set "SESSION.isLoggedIn" etc
b) kill the session cookies

/Hugo
###This message has been scanned by 
F-Secure Anti-Virus for Microsoft 
Exchange.Formore information, connect to http://www.F-Secure.com/ 


~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four 
times a year.
http://www.fusionauthority.com/quarterly

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251952
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

CFML and WML and session management

[Lee May]

I'm using CFML and WML to develop a wap application. I meet the session 
management problems.
My application using session management, so when user login, session enabled to 
the application, user can view the menu, the content, everything, and click 
logout, session clear. When user click back after logout, the page display 
"session time-out, please login again".  

It work perfectly on emulator but not on real mobile devices. When the user 
logout and click back on real mobile devices, the previous content is viewable 
and i can see that session is not working through-out the application. It 
shouldn't be like this. Please help!!
Thanks in advanced.

~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four 
times a year.
http://www.fusionauthority.com/quarterly

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251950
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Expiring time of cookies for session management

[Kevin Roche]

Dave,

If you use:



The cookies themselves are permanent which has some consequences for most
applications.

I have in the past come back to an application and found myself still logged
in after being away for a week!

I now use:



And write the cookies myself.






That way you can easily set the tiemout period to anything you like. (above
is browser session)

Kevin


On 9/12/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm trying to clarify the expiration time for the Cookie.CFID and
Cookie.CFTOKEN cookies created when a new session starts.  Is it the length
of the time that is specified in the sessionmanagement attribute of the
cfapplication tag?  If so, is this documented anywhere?
>
> I did find some documentation (on livedocs) on how to make the cookies
automatically expire when the browser is closed, but I need to know what is
actually happening when those cookies are created by CF and I need some
documentation to back it up if at all possible.
>
> Thanks,
>
> Dave

--
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 100 invites.



~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:218009
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Expiring time of cookies for session management

[Douglas Knudsen]

I agree.  Note that the below will convert the cfid/cftoken to be
memory only cookie without the use of jssessionid







DK

On 9/12/05, Barney Boisvert <[EMAIL PROTECTED]> wrote:
> I'm almost positive that those two cookies are unexpiring, because
> they're used for more than just session management.  The session
> timeout is performed on the server - after period X, the cookies are
> accepted, but not considered to be part of the session any more.  If
> you le J2EE sessions in the CF admin, then you'll use a jsessionid
> cookie, which is a memory-only cookie.
> 
> cheers,
> barneyb
> 
> On 9/12/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I'm trying to clarify the expiration time for the Cookie.CFID and 
> > Cookie.CFTOKEN cookies created when a new session starts.  Is it the length 
> > of the time that is specified in the sessionmanagement attribute of the 
> > cfapplication tag?  If so, is this documented anywhere?
> >
> > I did find some documentation (on livedocs) on how to make the cookies 
> > automatically expire when the browser is closed, but I need to know what is 
> > actually happening when those cookies are created by CF and I need some 
> > documentation to back it up if at all possible.
> >
> > Thanks,
> >
> > Dave
> 
> --
> Barney Boisvert
> [EMAIL PROTECTED]
> 360.319.6145
> http://www.barneyb.com/
> 
> Got Gmail? I have 100 invites.
> 
> 

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:217972
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: Expiring time of cookies for session management

[Barney Boisvert]

I'm almost positive that those two cookies are unexpiring, because
they're used for more than just session management.  The session
timeout is performed on the server - after period X, the cookies are
accepted, but not considered to be part of the session any more.  If
you le J2EE sessions in the CF admin, then you'll use a jsessionid
cookie, which is a memory-only cookie.

cheers,
barneyb

On 9/12/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I'm trying to clarify the expiration time for the Cookie.CFID and 
> Cookie.CFTOKEN cookies created when a new session starts.  Is it the length 
> of the time that is specified in the sessionmanagement attribute of the 
> cfapplication tag?  If so, is this documented anywhere?
> 
> I did find some documentation (on livedocs) on how to make the cookies 
> automatically expire when the browser is closed, but I need to know what is 
> actually happening when those cookies are created by CF and I need some 
> documentation to back it up if at all possible.
> 
> Thanks,
> 
> Dave

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 100 invites.

~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:217963
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Expiring time of cookies for session management

[Dave.Phillips]

Hi,

I'm trying to clarify the expiration time for the Cookie.CFID and 
Cookie.CFTOKEN cookies created when a new session starts.  Is it the length of 
the time that is specified in the sessionmanagement attribute of the 
cfapplication tag?  If so, is this documented anywhere?

I did find some documentation (on livedocs) on how to make the cookies 
automatically expire when the browser is closed, but I need to know what is 
actually happening when those cookies are created by CF and I need some 
documentation to back it up if at all possible.

Thanks,

Dave
**
The information contained in this message, including attachments, may contain 
privileged or confidential information that is intended to be delivered only to 
the 
person identified above. If you are not the intended recipient, or the person 
responsible for delivering this message to the intended recipient, ALLTEL 
requests 
that you immediately notify the sender and asks that you do not read the 
message or its 
attachments, and that you delete them without copying or sending them to anyone 
else. 


~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:217962
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: detecting session management

[Rick Root]

Robertson-Ravo, Neil (RX) wrote:
> You can also tell if session management is on at the server level.
> 
>  "coldfusion.server.ServiceFactory").RuntimeService.isSessionEnabled()>

Alas, that's not particularly cross platform... ie, doesn't work in 
bluedragon. =)  I'm working on some updates to my coldfusion file 
manager (www.webworksllc.com/cffm) and I need it to work in both CFMX 
and BD.

Looks like I'll be using my initial idea of the try/catch.

Rick


~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212983
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: detecting session management

[Robertson-Ravo, Neil (RX)]

Best bet is to simply do this



And the cfdump foo to see what you can get at.






-Original Message-
From: Kevin Bridges [mailto:[EMAIL PROTECTED] 
Sent: 27 July 2005 15:00
To: CF-Talk
Subject: Re: detecting session management

That is neat! Is there a good location to read about additional objects 
that are available like that?




Robertson-Ravo, Neil (RX) wrote:

>You can also tell if session management is on at the server level.
>
>"coldfusion.server.ServiceFactory").RuntimeService.isSessionEnabled()>
>
>
>  
>




~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212975
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: detecting session management

[Kevin Bridges]

That is neat! Is there a good location to read about additional objects 
that are available like that?




Robertson-Ravo, Neil (RX) wrote:

>You can also tell if session management is on at the server level.
>
>"coldfusion.server.ServiceFactory").RuntimeService.isSessionEnabled()>
>
>
>  
>


~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212974
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: detecting session management

[Robertson-Ravo, Neil (RX)]

You can also tell if session management is on at the server level.






-Original Message-
From: Kevin Bridges [mailto:[EMAIL PROTECTED] 
Sent: 27 July 2005 14:38
To: CF-Talk
Subject: Re: detecting session management

Have you tried #isDefined("session")#

Rick Root wrote:

>Is it possible to detect if session management is enabled in a given 
>application?
>
>I think I could probably do something like this:
>
>
>
>
>
>   
>
>
>
>I just wondered if there was a better way.
>
>Rick
>
>
>



~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212965
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: detecting session management

[Rick Root]

Kevin Bridges wrote:
> Have you tried #isDefined("session")#

I did not, but that doesn't work.  The session scope is apparently 
always defined, you just can't access it.

For example:

#isDefined("session")#




outputs "YES", then dumps the application scope (which in my case it 
only shows the applicationname key, which equals "foo"), and it dumps an 
empty struct for session, then errors when you try to set an actual 
session variable.

Rick


~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212964
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Re: detecting session management

[Kevin Bridges]

Have you tried #isDefined("session")#

Rick Root wrote:

>Is it possible to detect if session management is enabled in a given 
>application?
>
>I think I could probably do something like this:
>
>
>
>
>
>   
>
>
>
>I just wondered if there was a better way.
>
>Rick
>
>
>

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212961
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

detecting session management

[Rick Root]

Is it possible to detect if session management is enabled in a given 
application?

I think I could probably do something like this:





   



I just wondered if there was a better way.

Rick


~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212957
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: Detect if Session Management is enabled?

[Dave Watts]

> The try/catch method is the only one that seems to work, and 
> is going to write to error logs right?

No, it won't automatically write to error logs. That's up to you. You can do
that using the CFLOG tag.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized 
instruction at our training centers in Washington DC, Atlanta, 
Chicago, Baltimore, Northern Virginia, or on-site at your location. 
Visit http://training.figleaf.com/ for more information!


~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212048
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: Detect if Session Management is enabled?

[Loathe]

The try/catch method is the only one that seems to work, and is going to
write to error logs right?

I did isDefined('session') which came back YES.

Unfortunately we aren't doing CF 7 development on this one :(

Tim

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Friday, July 15, 2005 6:05 PM
To: CF-Talk
Subject: RE: Detect if Session Management is enabled?


> How would you do this programmatically?

One easy way, offhand:






        ... Session management isn't enabled - do something!




Alternatively, you might test for the existence of the Session scope - I
don't know if that'll work, but it might:

...

Finally, in CFMX 7 the values that you'd set within your Application.cfc are
available as variables within it, although I'm not sure how (or if) they're
available outside the Application.cfc instance.

There may well be other, better methods, but this is what popped into my
head.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!




~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212045
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

RE: Detect if Session Management is enabled?

[Dave Watts]

> How would you do this programmatically?

One easy way, offhand:






... Session management isn't enabled - do something!




Alternatively, you might test for the existence of the Session scope - I
don't know if that'll work, but it might:

...

Finally, in CFMX 7 the values that you'd set within your Application.cfc are
available as variables within it, although I'm not sure how (or if) they're
available outside the Application.cfc instance.

There may well be other, better methods, but this is what popped into my
head.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized 
instruction at our training centers in Washington DC, Atlanta, 
Chicago, Baltimore, Northern Virginia, or on-site at your location. 
Visit http://training.figleaf.com/ for more information!


~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble 
Ticket application

http://www.houseoffusion.com/banners/view.cfm?bannerid=48

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212043
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54