Duplicate
Details
Details
Assignee
Michael Offner
Michael OffnerReporter
Miles Rausch
Miles RauschPriority
Labels
Fix versions
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
None
Affects versions
Created 23 May 2016 at 18:19
Updated 27 February 2023 at 21:09
Resolved 28 August 2020 at 12:31
Summary of issue:
Let's say you have two servers in a clustered environment that are using session storage and session clustering. We've discovered an issue when the "update" action is called on the
<cfapplication>
tag. That call appears to write session data to the session storage without first reading the latest data from the storage. This results in lost data if the previous server had written new data to the storage.Recreate the issue:
Here are some steps for recreating the issue. I've also provided a test Application.cfc and CFM file.
Setup Lucee with clustered sessions on at least two servers
Round-robin requests between the two servers
Set the application values for session management and session clustering
Define a datasource for session storage (we use MSSQL)
Write data to the session from one server
Call
application action="update"
on the other serverRead the session and note old data
We ran into this issue using ColdBox, which updates the application when copying over CFmappings from ColdBox modules. See the code for RailoMappingHelper.cfc.
Workarounds
We've uncovered a couple of workarounds. If you can force a read of any of the session values before calling the application update, then (usually) the correct session values get saved into the session storage. I say "usually" because testing has shown both of these techniques to be dramatically more accurate but still not 100% dependable.
You can param a session variable:
param name='session.wasLucee2' default=false;
You can assign the session to a temp variable:
local.sessionTemp = session;