The issue we are having has to do with inactivity and session length. If you are active on the Website after logging in, you will have no issues. If you are inactive for 5 minutes or more, you are logged out and kicked to the login page. The session seems to only last for 5 minutes of inactivity. We desire to have our sessions last for 6 hours per the settings (see 2 examples below). Our production server is on ColdFusion MX7 and is using the exact same code and works as expected.
Can you think of any reason why our sessions would consistently expire after 5 minutes of inactivity since our session variables are being stored properly in the tables (see attached image)? Why 5 minutes?
Is there a test we can run or CFDUMP we could display to screen that would help us debug this?
=======================================================
We pass/display our CFID and CFTOKEN values within the URL of every page. For Lucee, the CFTOKEN value is always â0â.
CFREG is the name of the datasource we have created to store session and client information for login sessions. (CFMX 7 Production obviously uses the CGLOBAL/CDATA tables â different from what Lucee is using.)
=======================================================
After logging in, we check the CF_SESSION_DATA table and the CF_CLIENT_DATA tables to find our current CFID value (that is in the URL). The 2nd to last column is the EXPIRES column. The value in that column matches the hours values that we have set for session and client respectively. When we refresh our Website, the values update accordingly. After timing out, the values stay in the 2 respective tables.
======================================================
Here are the session/client settings on our Application.cfm page.
=======================================================
See attached image. Those are the SCOPE settings within Lucee Administrator.
=============================================================
=============================================================
An Example:
Say I am logged in and I click around and sit on this page:
pageName.cfm?CFID=3a8b284b-1d92-459e-a141-2686c7e6aa21&CFTOKEN=0
CLIENT SCOPE:
cfid
string 3a8b284b-1d92-459e-a141-2686c7e6aa21
cftoken
string 0
hitcount
number 5
lastvisit
Date Time (America/Chicago)
{ts â2021-09-03 10:53:42â}
timecreated
Date Time (America/Chicago)
{ts â2021-09-03 10:53:04â}
urltoken
string CFID=3a8b284b-1d92-459e-a141-2686c7e6aa21&CFTOKEN=0
5 Minutes later, I click a link on that page and am immediately kicked to the login screen. Here is the path in the browser:
pageName.cfm?CFID=3a8b284b-1d92-459e-a141-2686c7e6aa21&CFTOKEN=0
CLIENT SCOPE:
cfid
string 94e5c571-de39-4e8c-aba8-201ec370fcc6
cftoken
string 0
hitcount
number 1
lastvisit
Date Time (America/Chicago)
{ts â2021-09-03 11:04:12â}
timecreated
Date Time (America/Chicago)
{ts â2021-09-03 11:04:12â}
urltoken
string CFID=94e5c571-de39-4e8c-aba8-201ec370fcc6&CFTOKEN=0
If you notice that the URL string in the Web address stayed the same as the original, but the CFID and URLTOKEN values changed (within the Client Scope) to a new value somehow. Even though I have a valid CFID value (exists in the database tables â cf_session_data & cf_client_data â and has not expired), it doesnât match up to the client scope â so I am kicked to the LOGIN screen. Both the new and the old CFID values exist in the tables and are not expired.
Any ideas why my CLIENT SCOPE is expiring/changing after 5 minutes?
Donât forget to tell us about your stack!
OS: Linux (3.10.0-1160.36.2.el7.x86_64) 64bit
Java Version: 1.8.0_131 (Oracle Corporation) 64bit
Tomcat Version: Apache Tomcat/8.5.14
Lucee Version: Lucee 5.3.9.4-SNAPSHOT