setdomaincookie craziness

Hi there,

I'm having real crazy stuff happen with my coldfusion web app and cookies. ive set the cfapplication setdomaincookies to be yes as we're hosted on a clustered server. the thing is that every now and then this seems to be ignored and users can see each others data because the cookie seems to be set globally instead of per user!?

does this sound like a problem that anyone else has had?! obviously it's not the greatest thing in the world for privacy...


thanks,

mark.

We are having the EXACT same problem. Unfortunately we don't have access with the Coldfusion Server at the moment, but if you find a solution, Please post it here!

The only time I've seen this happen is if the user is using a bookmarked URL or an emailed URL that has another users cfid and cftoken appended to it.

Are you using UUIDs for the id and token? Are you using JSessionIDs? Is the problem repeatable?

In our case we weren't using url strings at all, it was all cookie based. It eventually cleared up by itself - i think it might have been something wrong with the server setup?