ColdFusion session loss at cflocation/cfheader, my sandbox only

Question

A few days ago my dev server stopped maintaining session variables after cflocation/cfheader tags. This has been an intermittent problem for about a month but became constant a few days ago. I'm looking for a reason why this happened only on my dev server. I am the only member of my team who is having a loss of session problem. I don't have the problem on either of the two test environments or on the production server and it works (fails) the same on three different browsers. The system is password protected and uses session variables to stay logged in. I can't do anything until I fix the problem.

edit: running CF10 on Apache 2.2.24 Win64 with apr-1.4.6P apr-util-1.4.1 apr-iconv-1.2.1 openssl-1.0.1e+nasm zlib-1.2.7+asm Both websites I work on are https.

Here is what I know:

I work on two password protected applications: one uses session variables and the other uses client variables. It is only the session variables that are being lost. The application with client variables works fine. Both systems use client cookies.

I replaced all my code with the latest from version control so it's not something unique in my code. I compared my server settings with another team member and there are a few differences, but none of my settings changed recently. The one difference that might be relevant is that she has her sandbox in c:/apache2/htdocs/ and I have mine in c:/inetpub/wwwroot/, but this is not new either. We have the same version of Windows and probably the same computer (corporate issued). The one difference I found is that when I restart my server I get the following entry in the coldfusion-error log:

java.lang.NullPointerException at coldfusion.server.jrun4.metrics.SimpleLoadMetric.run(SimpleLoadMetric.java:157) at coldfusion.scheduling.ThreadPool.run(ThreadPool.java:260) at coldfusion.scheduling.WorkerThread.run(WorkerThread.java:71)

My co-worker doesn't have this anywhere in her log. I tried turning off all debug output but that didn't change anything and my co-worker has all the debug turned on too so that can't be the cause. I stupidly cleared my log files while debugging this problem so I don't know when I started getting this error.

I have spent hours looking at the code but the cause of the problem can't be there because I am running the same code as by co-workers and that runs on production. Any ideas about what might be different with my dev environment that could cause this problem will be greatly appreciated.

Answer 1

I finally resolved this issue. The problem was with J2EE session variables (which I forgot to mention above). We use them on the test and production environments without issue (once we got them working which wasn't easy). I used them on dev as well and hadn't changed the setting for months. I had already tried turning them off but it didn't stop the problem. I had also tried restarting the CF server and the Apache server without fixing the problem. What I hadn't tried was restarting both servers at the same time. That was the key.

What was happening on dev was that between the and the the JSESSIONID became urlencoded. "JSESSIONID=8A9C0E12E731BFC11E1D98FD2ADC1E23.cfusion" became "JSESSIONID=8A9C0E12E731BFC11E1D98FD2ADC1E23%2Ecfusion"

This was happening on dev when we first switched to J2EE a couple of months ago but I had resolved the issue. I don't remember what I changed to make it work at that time, and I don't know what changed to make it stop working. I don't like turning them off because it makes another difference between dev and test/production, but I'm going to leave them off for now because I have to get back to work.