OS: Windows 2008 Server R2
Java Version: 8.0.1810.13
Tomcat Version: 8
Lucee Version: 18.104.22.168
We have an issue where, occasionally, sessions are mixed up i.e. two users have their sessions swapped over and each “become” the other user. This is very occasional, but clearly serious when it happens.
I’ve read online about issues with mod_jk and Tomcat, but we’re using mod_proxy_ajp. It’s a single server, no clustering. We are using the following configuration on Apache 2.4:
ProxyPreserveHost On ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ ajp://localhost:8009/$1$2 LoadModule modcfml_module modules/mod_cfml.so CFMLHandlers ".cfm .cfc .cfml" ModCFML_SharedKey "xxxxxx"
We are using Application sessions, stored as files. Would JEE be better?
Any suggestion as to a possible cause / how we can avoid this?