Reputation: 5613
ColdFusion sessions not being timed out
We have 2 core applications running on our servers on CF 8, and both have the exact same session timeout set in the application CFC (2 hours at the moment). However we're seeing that sessions are spiralling out of control for one of the applications (currently at 120,000+ on one server), lets call it AppA whereas AppB seems fine (and AppB is the one we'd expect a lot more traffic to).
So I did some further digging and found out that most of the sessions for AppA have been idle for many hours with the highest value I've seen so far being over 11 hours.
We're not actually doing that much with sessions so I'm a little confused as to why they're not being timed out as expected. Also I've dumped the this scope in the application CFC and it is showing the expected value for sessionTimeout.
The only thing I had noticed is that in one instance we're assigning a variable on the Request scope from a Session variable. If it were a different scope I would maybe think that is causing some sort of reference that GC (or whatever) can't clear.
Upvotes: 2
Views: 549
Answers (3)
Reputation: 5613
Actually turns out the sessions were started from another App which wasn't over-riding the default value in the base Application.cfc (including the application name).
Upvotes: 0
Reputation: 786
In terms of the spiral, I'd say that's to do with some requests which aren't passing through the CFID/CFTOKEN to maintain the session. This could be web service calls, CFHTTP requests, search engine bots, etc. Sounds like one of your apps is experiencing this. If this is the case then for CFHTTP pass the CFID/CFTOKEN through to maintain sessions. Web services bit more tricky, you'll need to create a 'key' which is passed back and forth, whole separate topic! Bots can be handled by having some conditionals to set the session timeout value.
For the 11 hours, I'd say thats due to it been kept alive by something. Some continual polling? Reocurring AJAX request? It would have to be something that continues to pass the ID/TOKEN through.
Upvotes: 1
Reputation: 38956
I used to get server lockups in CF6.1 when I was persisting CFCs in the application or session scopes. Now I instantiate them in the request scope and the lockups stopped happening (with no noticeable performance drop). Maybe you have a similar issue.
Upvotes: 0
Related Questions
- Looking for suggestions on how to handle Coldfusion session timeout with cfc
- ColdFusion session timing out too early
- Coldfusion different Session timeout lengths
- What actions cause a Coldfusion session to be extended?
- Coldfusion Session Timeout Application.cfc
- SessionTimeout not overrriding CF Administrator
- ColdFusion User login fails after session timeout
- Coldfusion Session Timeout
- ColdFusion application timing out even with large values for cflogin idletimeout and session timeout
- ColdFusion sessions are not timing out? Why not?