We recently updated from Lucee 5.x to 6.x and began noticing some unusual session behavior. Our session information is stored in a database for round robin load balancing. The initial session update to the database seems to work fine. But, almost all subsequent session updates to the database seem to fail. I believe there is a silent exception being thrown and the initial session is recovered silently from the database which in a lot of cases may be somewhat imperceptible to the user.

We believe the database session updates are failing for 2 reasons:

1. The ‘expires’ column never updates on 6.x (5.x it updates every cfm/cfc page touch by the user). Regardless of user activity on our websites, their session expire exactly the amount of time set in the session timeout from their first visit. Their session is not being kept alive because ‘expires’ never updates. We can very reliably see this never updates after the initial database update.

2. Any session variables written after the initial set are eventually lost, I believe this is because they are never written to the database and when it throws and exception/recovers and pulls the initial session variables from the database, the new ones don’t exist. This one is less reliable to figure out. Sometimes session variables created after the initial session creation stick around for a few minutes and sometimes much longer. However they almost always seem to disappear eventually.