We just upgraded to IIS7 and have had intermittent issues with SESSION variables. In a nutshell a very low percentage of users are getting new SESSION IDs with each page request. Clearing cookies has solved this problem for just about every use I’ve come across.

My question is… Is there a way to programmatically do this? It’s been a lower percentage of calls of people unable to login/can’t get a certain application to work, so it’s not a HUGE deal, but we are having to walk people through the process of clearing cookies all day. I haven’t read of, nor seen a way to force users to clear cookies.

Most other questions on here are uses having this issue everywhere, as if there is a programmatic error. Our applications work fine, it’s just a small percentage of users who used our applications on our old server can’t get new session cookies from the new server.

We were running IIS6/CF9 and we upgraded to IIS7/CF10. This problem is cross browser. We have seen it turn up in IE, FF, and Chrome.

–EDIT–

If a user clears cookies and goes to domian.com and then to sub.domain.com, the domain.com cookie takes precedent and the browser I guess never returns the sub.domain.com cookie it gets from the sub.domain.com server. Turning on J2EE cookies on sub.domain.com fixes the issue, I guess, but the clients still run around with a cookie from domain.com. domain cookies is whatever is set by default… i.e. we don’t set it to anything in app.cfc. I have no idea how it is set on domain.com.