RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
That actually makes some sense, quirky and crappy as it might be. When using IIS to set up website directories, you can't use the underscore in a header value. So, it seems likely that IE would reject the presence of the underscore in the domain portion of the URL and perform unpredictable hidden religious rituals with it. Troy Jones P.S. Sorry, I said "makes sense" when what I really meant was "it figures"... ___ Troy Jones | Director of Technical Services | Dynapp Inc | 1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver Sent: Monday, April 05, 2010 4:03 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking I've found the cause of the sessions not sticking. Sadly, it appears to be a bug with IE 7. I don't have any other versions of IE here to try it on, since the govt agency I work for controls the desktops. I may try it from home tonight when I get bored to confirm all this. A few other notes about the set up here - under Apache, we require client certs in this manner: SSLVerifyClient require SSLVerifyDepth 2 SSLCACertificateFile "C:/some.cert.file.pem" SSLOptions +ExportCertData +StdEnvVars I also turn on a few extra options that I have listed above. None of that should have mattered in topic I asked about last week, but I just wanted to list everything. After a full week of trying different configurations, nothing worked. At the end of all the trial and error, the only difference between the two machines was the URL. I glossed over that initially because it shouldn't matter. Other than pointing to a different IP, the URL should have nothing to do with how ColdFusion handles session variables. Well, when it comes to internet explorer, you should assume nothing :) I had two urls similar to these: somesite.stuff.dom somesite_cf8.stuff.dom The only difference between my two sites at that point was the _cf8 in the second domain name. Yep, you guessed it - IE 7 refuses to keep sessions straight if your domain name has an underscore in it and you are using SSL. Dashes are fine, underscores are not. My bad I guess for thinking I could use one in the URL, apparently I should have used dashes. DOH! > Mike, I've not heard of the problem, but if I were in your shoes I'd be > looking at two things to help narrow down the cause/solution. > > First, have you tried making the request from another IE (on another > machine, I mean), just to rule out something up in your specific IE setup? > > Second, are you accessing the CFR Admin using the built-in web server port > (such as 8500 or 8300, or something like that), or via Apache (port 80)? > That may have an influence, and you may see a difference if you try one > versus the other. > > Finally, are you using "J2EE Sessions" (a setting on the CF Admin "Memory > Variables" page)? That may influence things. If you could try reversing > its > setting, again it may be interesting to hear. I realize you may not want > to > do that if this is a prod box and you don't know whether people are > specifically benefiting from J2EE sessions (if enabled) or would be hurt > by > enabling it (if it's currently disabled). > > BTW, I can't see how the "UUID for cftoken" would have an influence on > this > problem at all, as it only influences the kind of string created for the > CFTOKEN so shouldn't matter if it's transported via SSL or not (and if > you're using J2EE sessions, then it has no connection to sessions at all.) > > Hope something there's helpful. > > /charlie > > >> -Original Message----- >> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver >> Sent: Wednesday, March 31, 2010 7:13 PM >> To: discussion@acfug.org >> Subject: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - >> Sessions not sticking >> >> I have 2 ColdFusion 8 instances installed on Windows 2003. I'm running >> these websites under Apache 2.2.15, configured exactly the same way, >> other >> than domain names and IP addresses in the configs. The first box works >> as >> expected. I can log onto CF Admin over SSL, or any other website in my >> Apache config. The second machine started showing problems almost >> immediately after I installed ColdFusion. The last part of the install >> involves firing up a web browser at the default website and you then >> log >> into CF Admin. When I attempted this, no matter how many times I >
RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
I've found the cause of the sessions not sticking. Sadly, it appears to be a bug with IE 7. I don't have any other versions of IE here to try it on, since the govt agency I work for controls the desktops. I may try it from home tonight when I get bored to confirm all this. A few other notes about the set up here - under Apache, we require client certs in this manner: SSLVerifyClient require SSLVerifyDepth 2 SSLCACertificateFile "C:/some.cert.file.pem" SSLOptions +ExportCertData +StdEnvVars I also turn on a few extra options that I have listed above. None of that should have mattered in topic I asked about last week, but I just wanted to list everything. After a full week of trying different configurations, nothing worked. At the end of all the trial and error, the only difference between the two machines was the URL. I glossed over that initially because it shouldn't matter. Other than pointing to a different IP, the URL should have nothing to do with how ColdFusion handles session variables. Well, when it comes to internet explorer, you should assume nothing :) I had two urls similar to these: somesite.stuff.dom somesite_cf8.stuff.dom The only difference between my two sites at that point was the _cf8 in the second domain name. Yep, you guessed it - IE 7 refuses to keep sessions straight if your domain name has an underscore in it and you are using SSL. Dashes are fine, underscores are not. My bad I guess for thinking I could use one in the URL, apparently I should have used dashes. DOH! > Mike, I've not heard of the problem, but if I were in your shoes I'd be > looking at two things to help narrow down the cause/solution. > > First, have you tried making the request from another IE (on another > machine, I mean), just to rule out something up in your specific IE setup? > > Second, are you accessing the CFR Admin using the built-in web server port > (such as 8500 or 8300, or something like that), or via Apache (port 80)? > That may have an influence, and you may see a difference if you try one > versus the other. > > Finally, are you using "J2EE Sessions" (a setting on the CF Admin "Memory > Variables" page)? That may influence things. If you could try reversing > its > setting, again it may be interesting to hear. I realize you may not want > to > do that if this is a prod box and you don't know whether people are > specifically benefiting from J2EE sessions (if enabled) or would be hurt > by > enabling it (if it's currently disabled). > > BTW, I can't see how the "UUID for cftoken" would have an influence on > this > problem at all, as it only influences the kind of string created for the > CFTOKEN so shouldn't matter if it's transported via SSL or not (and if > you're using J2EE sessions, then it has no connection to sessions at all.) > > Hope something there's helpful. > > /charlie > > >> -Original Message- >> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver >> Sent: Wednesday, March 31, 2010 7:13 PM >> To: discussion@acfug.org >> Subject: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - >> Sessions not sticking >> >> I have 2 ColdFusion 8 instances installed on Windows 2003. I'm running >> these websites under Apache 2.2.15, configured exactly the same way, >> other >> than domain names and IP addresses in the configs. The first box works >> as >> expected. I can log onto CF Admin over SSL, or any other website in my >> Apache config. The second machine started showing problems almost >> immediately after I installed ColdFusion. The last part of the install >> involves firing up a web browser at the default website and you then >> log >> into CF Admin. When I attempted this, no matter how many times I >> entered >> what I knew to be the correct password, I was not able to login. I >> then >> reset the password only to have the same issue. I then decided to try >> another web browser other than IE 7. Firefox 3.6.2 works fine. Back >> to >> IE - still no go. Frustrated, I turned off SSL. Oddly, I can now log >> into CF Admin. After some investigation, I have discovered that >> sessions >> are not sticking at all over SSL. I have eliminated specific certs as >> the >> problem, as I tried the certs from the other box and I still get the >> same >> result. For every web page I request from the server in IE over SSL, I >> get assigned a new token. It doesn't matter if I have the "Use UUID >> for >> cftoken" value set to true or false. Nothing works over SSL in IE. I >> have tried everything I can
Re: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
Thanks for the clarification about logging issue after reinstall. I came across this another post. http://www.jensbits.com/2009/07/29/coldfusion-dropping-losing-or-resetting-session-variables-and-cfidcftoken/ Look at the last 3 comments. By the way, you are not bugging at all. We hope you get this resolved soon. Would be great to know what happened or what was going on. :-) Keep us updated. http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Thu, Apr 1, 2010 at 11:35 AM, Mike Staver wrote: > Thanks Ajas, I'll see what this returns on my server. > > To answer your other question, I reinstalled the same day as when I first > installed cf. Having never come across this issue over the last 15 years, I > assumed something was corrupted. Yes, after the reinstall I have the same > problem, which is why I'm bugging all of you here :) > > -Mike > > On Apr 1, 2010, at 9:06 AM, Ajas Mohammed wrote: > > I came across this post. See if it helps. > <http://www.mail-archive.com/houc...@googlegroups.com/msg00486.html> > http://www.mail-archive.com/houc...@googlegroups.com/msg00486.html > > This is discussed in that url I posted. > > > > > > > > > > On the server where sessions are not sticking, the HttpRequestData has > zero keys for the cookie; > > > Hope this helps. > > > <http://ajashadi.blogspot.com>http://ajashadi.blogspot.com > We cannot become what we need to be, remaining what we are. > No matter what, find a way. Because thats what winners do. > You can't improve what you don't measure. > Quality is never an accident; it is always the result of high intention, > sincere effort, intelligent direction and skillful execution; it represents > the wise choice of many alternatives. > > > On Thu, Apr 1, 2010 at 10:18 AM, Ajas Mohammed < > ajash...@gmail.com> wrote: > >> Mike, >> >> On the server causing issues, when you did reinstall, did you have same >> problem after reinstall, i.e.logging into the administrator for the default >> site in IE7? >> >> *The last part of the install involves firing up a web browser at the >>> default website and you then log into CF Admin. When I attempted this, no >>> matter how many times I entered what I knew to be the correct password, I >>> was not able to login. >>> * >> >> >> And if you dont mind, can you share the application.cfm or cfc off the >> list. I am just curious now to find what is going on. >> >> Thanks, >> >> >> <http://ajashadi.blogspot.com>http://ajashadi.blogspot.com >> We cannot become what we need to be, remaining what we are. >> No matter what, find a way. Because thats what winners do. >> You can't improve what you don't measure. >> Quality is never an accident; it is always the result of high intention, >> sincere effort, intelligent direction and skillful execution; it represents >> the wise choice of many alternatives. >> >> >> >> On Wed, Mar 31, 2010 at 11:47 PM, Charlie Arehart < >> char...@carehart.org> wrote: >> >>> OK, hope the info may help others narrow in on a solution. (And my bad >>> for >>> listing non-ssl ports for my examples of the two web servers. I'm just so >>> used to listing them to help people who don't often know the difference >>> between the two web server alternatives just by name.) >>> >>> /charlie >>> >>> >>> > -Original Message- >>> > From: ad...@acfug.org [mailto: >>> ad...@acfug.org] On Behalf Of Mike Staver >>> > Sent: Wednesday, March 31, 2010 11:28 PM >>> > To: discussion@acfug.org >>> > Subject: RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - >>> > Sessions not sticking >>> > >>> > Thanks Charlie - to answer your questions: >>> >>> >>> >>> >>> >>> >>> >>> - >>> To unsubscribe from this list, manage your profile @ >>> <http://www.acfug.org?fa=login.edituserform> >>> http://www.acfug.org?fa=login.edituserform >>> >>> For more info, see <http://www.acfug.org/mailinglists> >>> http://www.acfug.org/mailinglists >>> Archive @ <http://www.mail-archive.com/discussion%40acfug.org/> >>> http://www.mail-archive.com/discussion%40acfug.org/ >>> List hosted by <http://www.fusionlink.com>http://www.fusionlink.com >>> - >>> >>> >>> >>> >> >
Re: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
Thanks Ajas, I'll see what this returns on my server. To answer your other question, I reinstalled the same day as when I first installed cf. Having never come across this issue over the last 15 years, I assumed something was corrupted. Yes, after the reinstall I have the same problem, which is why I'm bugging all of you here :) -Mike On Apr 1, 2010, at 9:06 AM, Ajas Mohammed wrote: I came across this post. See if it helps. http://www.mail-archive.com/houc...@googlegroups.com/msg00486.html This is discussed in that url I posted. On the server where sessions are not sticking, the HttpRequestData has zero keys for the cookie; Hope this helps. http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Thu, Apr 1, 2010 at 10:18 AM, Ajas Mohammed wrote: Mike, On the server causing issues, when you did reinstall, did you have same problem after reinstall, i.e.logging into the administrator for the default site in IE7? The last part of the install involves firing up a web browser at the default website and you then log into CF Admin. When I attempted this, no matter how many times I entered what I knew to be the correct password, I was not able to login. And if you dont mind, can you share the application.cfm or cfc off the list. I am just curious now to find what is going on. Thanks, http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Wed, Mar 31, 2010 at 11:47 PM, Charlie Arehart > wrote: OK, hope the info may help others narrow in on a solution. (And my bad for listing non-ssl ports for my examples of the two web servers. I'm just so used to listing them to help people who don't often know the difference between the two web server alternatives just by name.) /charlie > -Original Message- > From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver > Sent: Wednesday, March 31, 2010 11:28 PM > To: discussion@acfug.org > Subject: RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - > Sessions not sticking > > Thanks Charlie - to answer your questions: - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
I came across this post. See if it helps. http://www.mail-archive.com/houc...@googlegroups.com/msg00486.html This is discussed in that url I posted. On the server where sessions are not sticking, the HttpRequestData has zero keys for the cookie; Hope this helps. http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Thu, Apr 1, 2010 at 10:18 AM, Ajas Mohammed wrote: > Mike, > > On the server causing issues, when you did reinstall, did you have same > problem after reinstall, i.e.logging into the administrator for the default > site in IE7? > > *The last part of the install involves firing up a web browser at the >> default website and you then log into CF Admin. When I attempted this, no >> matter how many times I entered what I knew to be the correct password, I >> was not able to login. >> * > > > And if you dont mind, can you share the application.cfm or cfc off the > list. I am just curious now to find what is going on. > > Thanks, > > > http://ajashadi.blogspot.com > We cannot become what we need to be, remaining what we are. > No matter what, find a way. Because thats what winners do. > You can't improve what you don't measure. > Quality is never an accident; it is always the result of high intention, > sincere effort, intelligent direction and skillful execution; it represents > the wise choice of many alternatives. > > > > On Wed, Mar 31, 2010 at 11:47 PM, Charlie Arehart wrote: > >> OK, hope the info may help others narrow in on a solution. (And my bad for >> listing non-ssl ports for my examples of the two web servers. I'm just so >> used to listing them to help people who don't often know the difference >> between the two web server alternatives just by name.) >> >> /charlie >> >> >> > -Original Message- >> > From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver >> > Sent: Wednesday, March 31, 2010 11:28 PM >> > To: discussion@acfug.org >> > Subject: RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - >> > Sessions not sticking >> > >> > Thanks Charlie - to answer your questions: >> >> >> >> >> >> >> >> - >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=login.edituserform >> >> For more info, see http://www.acfug.org/mailinglists >> Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by http://www.fusionlink.com >> - >> >> >> >> >
Re: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
Mike, On the server causing issues, when you did reinstall, did you have same problem after reinstall, i.e.logging into the administrator for the default site in IE7? *The last part of the install involves firing up a web browser at the > default website and you then log into CF Admin. When I attempted this, no > matter how many times I entered what I knew to be the correct password, I > was not able to login. > * And if you dont mind, can you share the application.cfm or cfc off the list. I am just curious now to find what is going on. Thanks, http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Wed, Mar 31, 2010 at 11:47 PM, Charlie Arehart wrote: > OK, hope the info may help others narrow in on a solution. (And my bad for > listing non-ssl ports for my examples of the two web servers. I'm just so > used to listing them to help people who don't often know the difference > between the two web server alternatives just by name.) > > /charlie > > > > -Original Message- > > From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver > > Sent: Wednesday, March 31, 2010 11:28 PM > > To: discussion@acfug.org > > Subject: RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - > > Sessions not sticking > > > > Thanks Charlie - to answer your questions: > > > > > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > >
RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
OK, hope the info may help others narrow in on a solution. (And my bad for listing non-ssl ports for my examples of the two web servers. I'm just so used to listing them to help people who don't often know the difference between the two web server alternatives just by name.) /charlie > -Original Message- > From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver > Sent: Wednesday, March 31, 2010 11:28 PM > To: discussion@acfug.org > Subject: RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - > Sessions not sticking > > Thanks Charlie - to answer your questions: - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
Thanks Charlie - to answer your questions: 1) I'm accessing CF Admin from Apache on port 80. It's not working under Apache port 443. 2) Yep, all my users / other developers on the network report the same problem under IE. I'm the only person with Firefox on the network for bogus security reasons which I won't get into at this time... 3) Right - I wasn't expecting the UUID setting to have any effect, I was just trying to be thorough with trying everything, including printing the CF Settings Summary screen and making sure everything was identical between the two machines. No, I'm not using J2EE sessions. I forgot to mention that the J2EE setting was the first thing I tried and it didn't make a difference. Both instances are also set to have client variables turned on and using the registry to store them. Again, I don't expect that setting to have any impact with session variables. Another note - both machines have 3 URLs on them with identical code. Along with the CF Admin installed to it's own directory, there are 2 other applications. Both apps work great on the other server. Neither work on the server in question. Thanks again for the input, I'll keep banging my head against the wall until I can think of a possible reason for this. > Mike, I've not heard of the problem, but if I were in your shoes I'd be > looking at two things to help narrow down the cause/solution. > > First, have you tried making the request from another IE (on another > machine, I mean), just to rule out something up in your specific IE setup? > > Second, are you accessing the CFR Admin using the built-in web server port > (such as 8500 or 8300, or something like that), or via Apache (port 80)? > That may have an influence, and you may see a difference if you try one > versus the other. > > Finally, are you using "J2EE Sessions" (a setting on the CF Admin "Memory > Variables" page)? That may influence things. If you could try reversing > its > setting, again it may be interesting to hear. I realize you may not want > to > do that if this is a prod box and you don't know whether people are > specifically benefiting from J2EE sessions (if enabled) or would be hurt > by > enabling it (if it's currently disabled). > > BTW, I can't see how the "UUID for cftoken" would have an influence on > this > problem at all, as it only influences the kind of string created for the > CFTOKEN so shouldn't matter if it's transported via SSL or not (and if > you're using J2EE sessions, then it has no connection to sessions at all.) > > Hope something there's helpful. > > /charlie > > >> -----Original Message- >> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver >> Sent: Wednesday, March 31, 2010 7:13 PM >> To: discussion@acfug.org >> Subject: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - >> Sessions not sticking >> >> I have 2 ColdFusion 8 instances installed on Windows 2003. I'm running >> these websites under Apache 2.2.15, configured exactly the same way, >> other >> than domain names and IP addresses in the configs. The first box works >> as >> expected. I can log onto CF Admin over SSL, or any other website in my >> Apache config. The second machine started showing problems almost >> immediately after I installed ColdFusion. The last part of the install >> involves firing up a web browser at the default website and you then >> log >> into CF Admin. When I attempted this, no matter how many times I >> entered >> what I knew to be the correct password, I was not able to login. I >> then >> reset the password only to have the same issue. I then decided to try >> another web browser other than IE 7. Firefox 3.6.2 works fine. Back >> to >> IE - still no go. Frustrated, I turned off SSL. Oddly, I can now log >> into CF Admin. After some investigation, I have discovered that >> sessions >> are not sticking at all over SSL. I have eliminated specific certs as >> the >> problem, as I tried the certs from the other box and I still get the >> same >> result. For every web page I request from the server in IE over SSL, I >> get assigned a new token. It doesn't matter if I have the "Use UUID >> for >> cftoken" value set to true or false. Nothing works over SSL in IE. I >> have tried everything I can think of to address this, including >> resinstalling ColdFusion completely - obviously using the same >> installer >> and patch level from the other box. The only differen
RE: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
Mike, I've not heard of the problem, but if I were in your shoes I'd be looking at two things to help narrow down the cause/solution. First, have you tried making the request from another IE (on another machine, I mean), just to rule out something up in your specific IE setup? Second, are you accessing the CFR Admin using the built-in web server port (such as 8500 or 8300, or something like that), or via Apache (port 80)? That may have an influence, and you may see a difference if you try one versus the other. Finally, are you using "J2EE Sessions" (a setting on the CF Admin "Memory Variables" page)? That may influence things. If you could try reversing its setting, again it may be interesting to hear. I realize you may not want to do that if this is a prod box and you don't know whether people are specifically benefiting from J2EE sessions (if enabled) or would be hurt by enabling it (if it's currently disabled). BTW, I can't see how the "UUID for cftoken" would have an influence on this problem at all, as it only influences the kind of string created for the CFTOKEN so shouldn't matter if it's transported via SSL or not (and if you're using J2EE sessions, then it has no connection to sessions at all.) Hope something there's helpful. /charlie > -Original Message- > From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mike Staver > Sent: Wednesday, March 31, 2010 7:13 PM > To: discussion@acfug.org > Subject: [ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - > Sessions not sticking > > I have 2 ColdFusion 8 instances installed on Windows 2003. I'm running > these websites under Apache 2.2.15, configured exactly the same way, > other > than domain names and IP addresses in the configs. The first box works > as > expected. I can log onto CF Admin over SSL, or any other website in my > Apache config. The second machine started showing problems almost > immediately after I installed ColdFusion. The last part of the install > involves firing up a web browser at the default website and you then > log > into CF Admin. When I attempted this, no matter how many times I > entered > what I knew to be the correct password, I was not able to login. I > then > reset the password only to have the same issue. I then decided to try > another web browser other than IE 7. Firefox 3.6.2 works fine. Back > to > IE - still no go. Frustrated, I turned off SSL. Oddly, I can now log > into CF Admin. After some investigation, I have discovered that > sessions > are not sticking at all over SSL. I have eliminated specific certs as > the > problem, as I tried the certs from the other box and I still get the > same > result. For every web page I request from the server in IE over SSL, I > get assigned a new token. It doesn't matter if I have the "Use UUID > for > cftoken" value set to true or false. Nothing works over SSL in IE. I > have tried everything I can think of to address this, including > resinstalling ColdFusion completely - obviously using the same > installer > and patch level from the other box. The only differences between these > boxes again are the IP addresses and domain names. > > Please tell me somebody has seen this before and fixed it :) > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Apache 2.2.15 & ColdFusion 8 Enterprise - Sessions not sticking
I have 2 ColdFusion 8 instances installed on Windows 2003. I'm running these websites under Apache 2.2.15, configured exactly the same way, other than domain names and IP addresses in the configs. The first box works as expected. I can log onto CF Admin over SSL, or any other website in my Apache config. The second machine started showing problems almost immediately after I installed ColdFusion. The last part of the install involves firing up a web browser at the default website and you then log into CF Admin. When I attempted this, no matter how many times I entered what I knew to be the correct password, I was not able to login. I then reset the password only to have the same issue. I then decided to try another web browser other than IE 7. Firefox 3.6.2 works fine. Back to IE - still no go. Frustrated, I turned off SSL. Oddly, I can now log into CF Admin. After some investigation, I have discovered that sessions are not sticking at all over SSL. I have eliminated specific certs as the problem, as I tried the certs from the other box and I still get the same result. For every web page I request from the server in IE over SSL, I get assigned a new token. It doesn't matter if I have the "Use UUID for cftoken" value set to true or false. Nothing works over SSL in IE. I have tried everything I can think of to address this, including resinstalling ColdFusion completely - obviously using the same installer and patch level from the other box. The only differences between these boxes again are the IP addresses and domain names. Please tell me somebody has seen this before and fixed it :) - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -