Helpful Information
 
 
Category: ColdFusion
Session ends if another IE Browser is opened

I have protected pages using MX 7, where only people that are logged in can view the pages. The problem is if I have a Cold Fusion protected page up in the first browser and I open a second browser in IE the session goes away in the first Cold Fusion Browser page.

For example I log in and then view the Cold Fusion page in IE 6 Broswer where I view the protected mypage.cfm web page, and then open up a second IE Browser page where I view an html or any other page called otherpage.html. If I go back to the mypage.cfm in the first Browser and click on a link that leads to another session protected page, it kicks me out of the session and takes me to my login page. This does not happen in Netscape 7.

Please advise how I can correct this issue. Here is what I have:

Application.cfm:



<cfapplication name = "My_application_name"
sessionManagement = "Yes"
sessionTimeout = #CreateTimeSpan(0,0,60,0)#
setClientCookies = "Yes">

<cfif IsDefined('Cookie.CFID') AND IsDefined('Cookie.CFTOKEN')>
<cfset localCFID = Cookie.CFID>
<cfset localCFToken = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#localCFID#">
<cfcookie name="CFTOKEN" value="#localCFToken#">
</cfif>

login page:



<cfquery...
select from loginTable where username = '#Form.Username#'
and ......
</cfquery>

<cfset Session.AuthLogin = 'True'>
<cfset Session.AdminLogin = Form.Username>


Here is what I have on the top of each one of my protected pages:



<cfif isDefined("Session.AuthLogin") is NOT TRUE>
<!--- Session is over or not valid so go to loginPage --->
<cflocation url="loginPage.cfm">
<cfelse>
..see the Cold Fusion protected page
</cfif>

Please advise.

I think your issue is with the first chunk of code. The following is not needed and may be interfering:

<cfif IsDefined('Cookie.CFID') AND IsDefined('Cookie.CFTOKEN')>
<cfset localCFID = Cookie.CFID>
<cfset localCFToken = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#localCFID#">
<cfcookie name="CFTOKEN" value="#localCFToken#">
</cfif>
The setClientCookies="yes" parameter in the CFAPPLICATION tag does this for you.










privacy (GDPR)