[thelist] CF Session Variables

[Joshua Olson]

Is the personal information stored only in memory or is it stored in the
database somewhere before the point when people claim they can see it.  If
it is *only* in session variables, then the only known way that people are
seeing other people peoples information is if they have stolen the session
by grabbing their tokens.

If personal information is in the database when people are claiming they can
see each other's data, then I would look for the user information stored in
the database under shopper id 0.  If you are storing some sort of id for the
shopper and then use this id when you look up the information in the
database, then everyone with a timed out session could be using the same
record in the database, record 0.

The zero price might have been failing somewhere and actually causing a
memory leak which might blow away some or all sessions, thus resulting in
this problem.  If you have error handling turned on, you might try turning
it off so that errors are free to show.

Sorry I cannot be more of assistance.

-joshua

----- Original Message -----
From: "Susan Wallace" <susanhw at webcastle.com>
Subject: [thelist] CF Session Variables


: Greetings!
:
: I have a client that has been using an "online store" application for some
: time now. For session variables, the store implements Locking. (The server
: is NT 4 / IIS/ CF 4.51)