Cold Fusion Session Swapping

Posted on 2002-07-01
Last Modified: 2013-12-24

I'm running into an interesting problem with CF session variables getting swapped by (I think) the server. If two users come in from the same IP (behind a firewall or NAT or whatever) within a minute of each other, they occasionally get the other person's session ID. Macromedia has a page on their site that gives a solution to this problem -- their solution being check and make sure the IPs are different.

Obviously, this doesn't work in this case, since we know the IPs are supposed to be the same.

Has anyone had any similar problems and found a way around them? Or can you point me to a site with more information on this topic than the Macromedia site? Thanks! :-)

Jaxman
Question by:jaxman
Expert Comment

by:Yog
ID: 7122773
Are you using CFLOCK when setting and reading session variables? http://www.sys-con.com/coldfusion/article.cfm?id=135

Author Comment

by:jaxman
ID: 7123242
I'm going through and doing a thorough check on all the code, but I believe everything is locked down appropriately.

We've got a situation where we're using session.datasource to hold our DSN, and then at the top of application.cfm we're assigning it to request.appDSN so we can work with it in the request scope ever after instead of the session scope (to make locking easier to deal with).

Question: Will reading from a session variable (i.e., putting session.datasource as an r-value of an operation) potentially cause corruption if not properly locked, or is it only when the session variables are l-values?


Jax
Accepted Solution

by:
Yog earned 800 total points
ID: 7123284
Jax,

Yeah, locking may be required if you are not making a copy of it and using even for a Request scope. If you turn on (from CF Administrator) stricter checking it will tell you whether the code is not behaving well or behaving well.

If you are using the Request scope, make sure you use the duplicate if you are making another copy of it and using; an "=" usage may just make a reference and won't help.

eg.

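<CFLOCK SCOPE="Application" TIMEOUT="10">
<CFSCRIPT>
  // Deep-copy the Application scope into the Request scope while the lock is held
  Request.Application = StructNew();
  Request.Application = Duplicate(Application);
</CFSCRIPT>
</CFLOCK>

<CFLOCK SCOPE="Session" TIMEOUT="10">
<CFSCRIPT>
  // Deep-copy the Session scope so later reads need no session lock
  Request.Session = StructNew();
  Request.Session = Duplicate(Session);
</CFSCRIPT>
</CFLOCK>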

This was suggested to me by pikala and it works well.

Yog
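
The difference between an "=" assignment and Duplicate() described in the accepted answer, shown as an added example that is not part of the original thread. The application name `lockDemo`, the `session.prefs` structure and the DSN strings are assumptions constructed for illustration.

```cfml
<!--- Added example: all names and values below are constructed for illustration. --->
<cfapplication name="lockDemo" sessionmanagement="yes">

<!--- Initialise a structure in the session scope under an exclusive lock. --->
<cflock scope="Session" type="exclusive" timeout="10">
  <cfif NOT StructKeyExists(session, "prefs")>
    <cfset session.prefs = StructNew()>
  </cfif>
  <cfset session.prefs.datasource = "exampleDSN">
</cflock>

<!--- Take both kinds of "copy" while holding a read-only session lock. --->
<cflock scope="Session" type="readonly" timeout="10">
  <!--- "=" on a structure stores a reference: request.alias IS session.prefs. --->
  <cfset request.alias = session.prefs>
  <!--- Duplicate() builds an independent deep copy owned by this request. --->
  <cfset request.copy = Duplicate(session.prefs)>
</cflock>

<!--- Safe: only the request-local copy changes, so no lock is needed. --->
<cfset request.copy.datasource = "changedInCopy">

<!--- Unsafe: through the alias this is an unlocked write to session.prefs. --->
<cfset request.alias.datasource = "changedViaAlias">

<!--- Read the session value back under a lock to see which write reached it. --->
<cflock scope="Session" type="readonly" timeout="10">
  <cfset request.seen = session.prefs.datasource>
</cflock>

<cfoutput>
  session.prefs.datasource = #request.seen#<br>
  request.copy.datasource = #request.copy.datasource#
</cfoutput>
```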

Author Comment

by:jaxman
ID: 7123302
I'll have to give that a try...you've given me some good pointers, it's going to take a while to test them out (these non-deterministic problems are crazy to track down). Thanks for the info! :-)

Jax
Question has a verified solution.
