Let's say you have two servers in a clustered environment that are using session storage and session clustering. We've discovered an issue when the "update" action is called on the <cfapplication> tag. That call appears to write session data to the session storage without first reading the latest data from the storage. This results in lost data if the previous server had written new data to the storage.
Here are some steps for recreating the issue. I've also provided a test Application.cfc and CFM file.
Setup Lucee with clustered sessions on at least two servers
Round-robin requests between the two servers
Set the application values for session management and session clustering
Define a datasource for session storage (we use MSSQL)
Write data to the session from one server
Call application action="update" on the other server
Read the session and note old data
We ran into this issue using ColdBox, which updates the application when copying over CFmappings from ColdBox modules. See the code for RailoMappingHelper.cfc.
We've uncovered a couple of workarounds. If you can force a read of any of the session values before calling the application update, then (usually) the correct session values get saved into the session storage. I say "usually" because testing has shown both of these techniques to be dramatically more accurate but still not 100% dependable.
You can param a session variable:
param name='session.wasLucee2' default=false;
You can assign the session to a temp variable:
local.sessionTemp = session;