tracker issue : CF-3043458

select a category, or use search below
(searches all categories and all time range)

Bug 86494:We had severe problems with sessions after applying the Security HotFix APSB11-04

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Julian Halliwell / Julian Halliwell (cfSimplicity)

Created: 02/25/2011

Components: Core Runtime, Session Management

Versions: 9.0.1

Failure Type: Unspecified

Found In Build/Fixed In Build: 0000 /

Priority/Frequency: Major / Unknown

Locale/System: English / Win All

Vote Count: 5


We had severe problems with sessions after applying the Security HotFix APSB11-04. See comments at for details.We changed to domain/path cookies as advised on that blog post (although that was not mentioned in the official Adobe pages), but many of our users were still unable to maintain sessions: they would log in successfully and then  be logged out on the next request. Unfortunately the behaviour was intermittent: we could reproduce it sometimes but not always, however, reports of problems were widespread and persistent from users of those apps with login functionality We rolled back the Hotfix and immediately the issue went away.Further details that may or may not be relevant:* We use IIS7 with URLRewriting so that framework URLs (Fusebox and FW/1) e.g. "/index.cfm?querystring" may be requested as "/directory/sub-directory/"* We use the latest secure JVM from Sun/Oracle: currently JDK1.6 Update 24* We set our session cookies (to expire on browser close) manually using CFCOOKIE not via the CF application settings.


----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3043458

External Customer Info:
External Company:  
External Customer Name: Julian Halliwell
External Customer Email: 2D5C74634456F5BE992016E5
External Test Config: 02/25/2011