Title:
Bug 86494: We had severe problems with sessions after applying the Security HotFix APSB11-04
Status/Resolution/Reason: Closed/Withdrawn/
Reporter/Name(from Bugbase): Julian Halliwell / Julian Halliwell (cfSimplicity)
Created: 02/25/2011
Components: Core Runtime, Session Management
Versions: 9.0.1
Failure Type: Unspecified
Found In Build/Fixed In Build: 0000 /
Priority/Frequency: Major / Unknown
Locale/System: English / Win All
Vote Count: 5
Problem:
We had severe problems with sessions after applying the Security HotFix APSB11-04. See comments at http://shilpikm.blogspot.com/2011/02/security-hot-fix-update-for-coldfusion.html for details.
We changed to domain/path cookies as advised on that blog post (although that was not mentioned in the official Adobe pages), but many of our users were still unable to maintain sessions: they would log in successfully and then be logged out on the next request. Unfortunately the behaviour was intermittent: we could reproduce it sometimes but not always; however, reports of problems were widespread and persistent from users of those apps with login functionality. We rolled back the Hotfix and immediately the issue went away.
Further details that may or may not be relevant:
* We use IIS7 with URLRewriting so that framework URLs (Fusebox and FW/1) e.g. "/index.cfm?querystring" may be requested as "/directory/sub-directory/"
* We use the latest secure JVM from Sun/Oracle: currently JDK1.6 Update 24
* We set our session cookies (to expire on browser close) manually using CFCOOKIE, not via the CF application settings.
Method:
Result:
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3043458
External Customer Info:
External Company:
External Customer Name: Julian Halliwell
External Customer Email: 2D5C74634456F5BE992016E5
External Test Config: 02/25/2011
Attachments:
Comments: