tracker issue : CF-4202698

select a category, or use search below
(searches all categories and all time range)
Title:

[ANeff] ER for: SessionRotate() and SessionInvalidate() for J2EE Session Management

| View in Tracker

Status/Resolution/Reason: To Track//PRNeedInfo

Reporter/Name(from Bugbase): Aaron Neff / ()

Created: 06/03/2018

Components: Core Runtime, Session Management

Versions: 2018

Failure Type: Others

Found In Build/Fixed In Build: /

Priority/Frequency: Normal /

Locale/System: /

Vote Count: 1

ER for: SessionRotate() and SessionInvalidate() for J2EE Session Management

Note: Adobe has always recommended J2EE Session Management over CF Session Management, but SessionRotate() and SessionInvalidate() only work w/ CF Session Management.

This ER is to enable SessionRotate() and SessionInvalidate() for J2EE Session Management

Attachments:

Comments:

This is by design because a single JEE session can span multiple ColdFusion applications on the same domain. You can still rotate your J2EE sessions, but if there are multiple CF applications on the same domain it will only keep info for the current session
Comment by Vamseekrishna N.
28971 | June 06, 2018 04:33:28 AM GMT
Hi Vamsee, My CF applications are always CGI.HTTP_HOST-specific. I never have 2+ CF applications on the same domain. I'd think 2+ CF applications on the same domain would be the minority-case. So.. you're saying SessionRotate()/SessionInvalidate() already work for me then? If so, that's huge! That should be documented. Especially since CF's docs always recommend JEE Session Management over CF Session Management. Thanks!, -Aaron
Comment by Aaron N.
28972 | June 06, 2018 05:36:41 AM GMT
Wait.. I misread.. Are you saying a CF application on foo.domain.com and a CF application on bar.domain.com both share the same JEE Session? Even if both applications are running as separate sites in IIS? Thanks!, -Aaron
Comment by Aaron N.
28973 | June 06, 2018 05:44:38 AM GMT
I'm confused by: 1) a single JEE session can span multiple ColdFusion applications on the same domain vs 2) if there are multiple CF applications on the same domain it will only keep info for the current session #1 implies there is only 1 session. #2 implies there are multiple sessions? Thanks!, -Aaron
Comment by Aaron N.
28974 | June 06, 2018 05:48:56 AM GMT