[thelist] CF Session Variables

Susan Wallace susanhw at webcastle.com
Mon Oct 1 22:44:02 CDT 2001


Greetings!

I have a client that has been using an "online store" application for some 
time now. For session variables, the store implements Locking. (The server 
is NT 4 / IIS/ CF 4.51)

This past week, the client created a new product in the store and assigned 
it a price of $0.00. Once the item was added to the store, she sent out an 
e-mail to all of her previous customers to let them know about the free 
item. Then she went home for the weekend.

She returned today to an inbox with 300 irate customer e-mails because 
other people's personal information was showing up when they went to place 
an order. I am aware that this happens with sessions, but I thought that 
when Locking was used it would prevent it from happening?? (obviously I 
need to go back over Locking...)

I am not asking for help debugging anything here, rather for what I may 
have missed in looking into possible causes. The only thing that changed 
was the item price.

  This is the list that I came up with of possible "issues":

1) Multiplying a UPS shipping rate by 0 is a Bad Idea. (This store uses 
CF_UPSRateMonger - When she changed the price of the item to $0.01 and let 
her session timeout, the problem still occurred.)

2) Perhaps she had included in the URL that she sent a specific 
CFID/CFTOKEN combination that resulted when she viewed the new product in 
the store. (I checked, she did not)

3) The server has a serious memory problem. The server this is on is 
notorious for being overcrowded, it often times out on requests. Would 
running out of memory cause it?

I know there are still several things to consider here - specifically with 
the Shipping tables and the way the store is put together, my question is: 
What else would cause this behavior?

This application has been running for about 2 years, it has been upgraded 
numerous times but we have never seen any of this before. The most recent 
upgrade was over 3 months ago, and it is an active site. I would have 
expected to see this before now if the last upgrade caused a problem?

Ok... I'll stop rambling. ;-)

<tip type="Web log analyzer">
One more reason to switch to Summary (http://www.summary.net):
If you are interested in finding out what screen resolution your visitors 
are using, Summary provides JavaScript code that will add this information 
to your reports. (Details provided in the documentation.)
</tip>

Any suggestions greatly appreciated!
Susan Wallace





More information about the thelist mailing list