Problem with session variables using ColdFusion, Tomcat and Firefox

Question

Hi there.

Any help is appreciated.

When using cfimage to generate a captcha, we keep his value in a session variable.

After the user submits the form, we compare the value of the captcha that the user entered with the session variable value.

Like this:

Step one - User arrives the form with captcha.

Step two - Is created the variable SESSION.CAPTCHA_VALUE with the captcha value created by cfimage.

Step three - The user fill's in the form and submit it.

Step four - We compare the value of SESSION.CAPTCHA_VALUE with the value that the user entered.

We implemented this because of spam bot's.

The problem is in the value of SESSION.CAPTCHA_VALUE only in Firefox. After submission, the value of SESSION.CAPTCHA_VALUE is always different of the created but the JSESSION.ID is kept.

We are using ColdFusion in Tomcat and Firefox 3.5.3.

Thanks in advance.

Answer 1

Are you load balanced? the session scope is stored in RAM and can cause problems if your bouncing back and forth on different servers. You might try storing the value in a client var rather than session.

Also CFImage...as well as the other tags that generate files like cfform (when flash), cfdocument etc....will operate by writing the file and then generating a link to it that it outputs in the HTML. Make sure that the link to that file is always unique. It could be that you have cross contamination of images. Again, if your load balanced and your servers are not sharing a common file system (like on a NAS) then people could be picking up images from other servers.