I cannot get cfcookie to stop expiring immediately. It worked fine until recently switching to a new VPS. Now the cookies only get set the first time Application.cfm is run. If you visit any other page in that same directory the cookie mysteriously disappears.
Here is my application tag...
<cfapplication name="KYND" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,3,0,0)#" setclientcookies="no" setdomaincookies="yes">
http://www.kyndoutdoors.com/dbf/_kynd-controller/my-kynd.cfm
Use timmyv as both the username and password.
Where is the code where you are setting your cookies? You need to be setting them manually somewhere (Application.cfm) because you have setClientCookies="no".
jason
It's in the Application.cfm. Here is an example...
<cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_cookies.username#" expires="never"/>
Another thing I'm noticing as I'm trying to figure this out is that the cookies I'm setting and the cfid/cftoken variables are getting duplicated. Seems strange....
idesdema wrote:
It's in the Application.cfm. Here is an example...
<cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_cookies.username#" expires="never"/>
To avoid any complications, I would use setClientCookies="yes". I expect the <cfcookie> would still do its job anyway. Long session timeout values are hard to justify. I would also add applicationTimeout to the mix. Something like
<cfapplication name="KYND" applicationTimeout="#CreateTimeSpan(1,0,0,0)#" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#" setclientcookies="yes" setdomaincookies="yes">
So where are you manually creating CFID and CFToken? To maintain a session you need session variables.
My guess is that on the previous server you had JEE sessions enabled and on the new one you don't. When you have JEE sessions enabled it ignores the directive not to set client cookies (because that is really about the client scope, not the session scope), so you get session management anyway. But if you don't have JEE sessions enabled AND you tell it not to set client cookies, then you don't get any session token cookies.
Either enable JEE session variables or change setClientCookies to YES.
jason
I did not have j2ee sessions enabled. But I think if you look at the latest post (referring to the cookies.cfm page) you'll see that all I'm trying to do is set cookies. I am not doing anything with cfapplication.... Although I can certainly put that in the code. However I think if you go to the page you'll get the same cookie behavior I'm getting. I am dumping the cookie and form vars to the screen.
I just don't understand why the cookies would get set correctly with an expiration of never, then within the same directory (just adding a variable to the end of the URL string) they are gone the next time the page or any other page gets called. What is going on?
This has to be a hosting issue or an IIS issue.
So what are you expecting it to do that it isn't? The cookies are setting fine for me. There is a duplicate of KP_ID and that is because you are cfparaming it without specifying a domain, so it gets the domain "www.kyndoutdoors.com" instead of ".kyndoutdoors.com". As far as the browser is concerned those are two separate cookies for two separate domains. So it stores both of them.
To eliminate the dupe, don't param things in the cookie scope.
Now, please, please, please tell me this is not how you are doing session management.
Jason
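Added example, not part of any post in this thread: a small Python model of browser cookie storage that shows why the two cookies described in the reply above coexist. The storage key (name, domain), the fixed path "/", and the host `shop.kyndoutdoors.com` are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StoredCookie:
    name: str
    value: str
    domain: str      # canonical form, leading dot removed
    host_only: bool  # True when Set-Cookie carried no Domain attribute

def store(jar, request_host, name, value, domain_attr=None):
    """Store a cookie the way a browser does; path is fixed to '/' here."""
    if domain_attr:
        c = StoredCookie(name, value, domain_attr.lstrip(".").lower(), False)
    else:
        # No Domain attribute: the cookie is bound to the exact request host.
        c = StoredCookie(name, value, request_host.lower(), True)
    jar[(c.name, c.domain)] = c  # only the same name AND domain is overwritten

def domain_match(host, cookie):
    """Host-only cookies need an exact host; domain cookies also match subdomains."""
    host = host.lower()
    if cookie.host_only:
        return host == cookie.domain
    return host == cookie.domain or host.endswith("." + cookie.domain)

def cookies_for(jar, host):
    """Return the (name, value) pairs a browser would send to this host."""
    return [(c.name, c.value) for c in jar.values() if domain_match(host, c)]

def demo_jar():
    """Constructed input: the blank default set without a domain, then the
    login cookie set with domain=.kyndoutdoors.com, both from the www host."""
    jar = {}
    store(jar, "www.kyndoutdoors.com", "kp_id", "")
    store(jar, "www.kyndoutdoors.com", "KP_ID", "13608", ".kyndoutdoors.com")
    return jar

if __name__ == "__main__":
    jar = demo_jar()
    print("stored:", len(jar))
    print("www  ->", cookies_for(jar, "www.kyndoutdoors.com"))
    print("shop ->", cookies_for(jar, "shop.kyndoutdoors.com"))  # hypothetical host
```

Setting the login cookie never replaces the blank one, because the two entries differ in domain; only a request to the exact `www` host receives both.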
No, this is simply a test to see why my cookies are getting deleted. It's not how I'm doing session management. However, I am still using App.cfm instead of .cfc which I know... it's time to move forward.
My session management is with cfapplication, cflogin, cflogin user and session variables. Is that also not a good approach? I basically am still using the example from Ben Forta's book that came out with CFMX.
Well, I tried your test page and your cookies did not get deleted. Why do you think they are getting deleted? What makes you believe they are getting deleted?
jason
Because of what happens to me when I test it. If you look at the code, it says "if the cookie is not blank, display all is well in cookie world". I get that message the first time I log in, but then when I click either of the links at the bottom, the cookie is no longer present and I get the login form. That is the root of this entire issue. The cookie gets set once, but then visit any other page and it's gone.
Your cookies are NOT being deleted. The problem is the duplication. And more specifically, the problem is that cfparam that I encouraged you to remove.
Your first decision in your test is this:
<cfif #cookie.kp_id# EQ ""> (btw, you don't need hash marks in this code or in any of the other cfif statements in your code. Please remove them, they are soooo ugly)
Well, kp_id is both blank and it's not. The cookie exists twice, once with and once without a value. CF is using the one without a value. Both are being sent, whatever order they are being sent in results in the cookie being blank.
Here is the HTTP request being sent:
GET /dbf/cookies.cfm HTTP/1.1
Host: www.kyndoutdoors.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: kp_id=""; KP_ID=13608; KP_USERNAME=timmyv; KP_PASSWORD=timmyv
The important line is the last one. TWO KP_IDs are being sent. One is blank, one is not. CF must use the first one it receives.
Regardless, remove the cfparam (you'll need to add a check for existence to your cfifs that make use of that cookie var), delete your cookies and try it again.
Jason
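Added example, not part of any post in this thread: a Python check that parses the Cookie header quoted in the reply above, flags names that collide once case is ignored, and shows what a first-wins or last-wins server would read. The resolution policies are assumptions; the reply only infers that CF keeps the first value.

```python
# Cookie header copied from the request quoted in the reply above.
CAPTURED = 'kp_id=""; KP_ID=13608; KP_USERNAME=timmyv; KP_PASSWORD=timmyv'

def parse_cookie_header(header):
    """Split a Cookie request header into (name, value) pairs, keeping order and duplicates."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # drop surrounding double quotes
        pairs.append((name.strip(), value))
    return pairs

def find_conflicts(pairs):
    """Group by case-insensitive name; return names sent more than once with differing values."""
    seen = {}
    for name, value in pairs:
        seen.setdefault(name.lower(), []).append((name, value))
    return {k: v for k, v in seen.items() if len({val for _, val in v}) > 1}

def resolve(pairs, policy="first"):
    """Collapse duplicates as a case-insensitive server-side scope would.
    policy is an assumption: 'first' keeps the first occurrence, 'last' the last."""
    out = {}
    for name, value in pairs:
        key = name.lower()
        if policy == "last" or key not in out:
            out[key] = value
    return out

if __name__ == "__main__":
    pairs = parse_cookie_header(CAPTURED)
    for key, dupes in find_conflicts(pairs).items():
        print(f"conflict on {key!r}: {dupes}")
    print("first-wins kp_id:", repr(resolve(pairs, "first")["kp_id"]))
    print("last-wins  kp_id:", repr(resolve(pairs, "last")["kp_id"]))
```

Running the same check over logged request headers is a quick way to spot clients carrying a stale duplicate after the fix is deployed.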
Ok ok I'll remove the unnecessary pound signs. Old habit. The good news is... that was it! Working smoothly now.
No more cookie params, no more cfif #cookie.kp_id#. Now I'm using StructKeyExists(cookie, "kp_id"). Have yet to run into any problems.
idesdema wrote:
My session management is with cfapplication, cflogin, cflogin user and session variables. Is that also not a good approach?
Other than cfapplication, cflogin, and cfloginuser, that is how I do it.
Jason
Look at how it's duplicating cfid and cftoken. Then it's creating both lowercase and uppercase cookies of the same name... ??
Don't store usernames and passwords in cookies!
I would restructure the cfcookie code to:
<cfif NOT isDefined("cookie.kp_username") AND get_user_via_cookies.username IS NOT "">
<cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_cookies.username#" expires="never"/>
</cfif>
Having said that, I still wonder what get_user_via_cookies does. Could it be feeding the cfcookie tag the value which the tag itself has just set, thereby going around in circles?
Ok I am trying to narrow down what in the world is going on here. It's very bizarre. Here is my cookie test page. http://www.kyndoutdoors.com/dbf/cookies.cfm Use timmyv as both the username and password.
Here is the code from cookies.cfm
<cfparam name="form.kpizzle_username" default="" type="string">
<cfparam name="form.kpizzle_password" default="" type="string">
<cfparam name="cookie.kp_id" default="" type="string">
<cfset dsn="my_dsn">
<cfif #cookie.kp_id# EQ "">
<cfif #form.kpizzle_username# EQ "">
<h1>Please login to Kynd Outdoors. Cookies are blank and so is the form.</h1>
<cfform name="my_k_login" method="post" action="cookies.cfm">
user<cfinput name="kpizzle_username" type="text" class="textbox" id="kpizzle_username" size="40" maxlength="20" required="yes" message="Enter a username."><br/>
pass<cfinput name="kpizzle_password" type="password" class="textbox" id="kpizzle_password" size="40" maxlength="20" required="yes" message="Enter a password."><br/>
<cfinput type="submit" validate="submitonce" class="btn_small" onmouseover="this.className='btn_small btn_small_hover'" onmouseout="this.className='btn_small'" name="submit" value="LOGIN">
</cfform>
<cfabort>
<cfelse>
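<!--- Form values are bound with cfqueryparam so they cannot alter the SQL statement --->
<cfquery name="get_user_via_form" datasource="#dsn#" maxrows="1">
SELECT kpizzle_id,kpizzle_username,kpizzle_password,kpizzle_email,kpizzle_first_name,kpizzle_last_name,kpizzle_state
FROM user
WHERE kpizzle_username=<cfqueryparam value="#form.kpizzle_username#" cfsqltype="cf_sql_varchar">
AND kpizzle_password=<cfqueryparam value="#form.kpizzle_password#" cfsqltype="cf_sql_varchar">
</cfquery>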
<cfif #get_user_via_form.recordcount# NEQ 0>
<cfcookie domain=".kyndoutdoors.com" name="kp_id" value="#get_user_via_form.kpizzle_id#" expires="never"/>
<cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_form.kpizzle_username#" expires="never"/>
<cfcookie domain=".kyndoutdoors.com" name="kp_password" value="#get_user_via_form.kpizzle_password#" expires="90"/>
</cfif>
</cfif>
<cfelse>
<cfif #cookie.kp_id# NEQ "" AND #cookie.kp_username# NEQ "" AND #cookie.kp_password# NEQ "">
All is well in cookie world
<cfelse>
<h1>Please login to Kynd Outdoors. Cookie id is set, but the others are not.</h1>
<cfform name="my_k_login" method="post" action="cookies.cfm">
user<cfinput name="kpizzle_username" type="text" class="textbox" id="kpizzle_username" size="40" maxlength="20" required="yes" message="Enter a username."><br/>
pass<cfinput name="kpizzle_password" type="password" class="textbox" id="kpizzle_password" size="40" maxlength="20" required="yes" message="Enter a password."><br/>
<cfinput type="submit" validate="submitonce" class="btn_small" onmouseover="this.className='btn_small btn_small_hover'" onmouseout="this.className='btn_small'" name="submit" value="LOGIN">
</cfform>
<cfabort>
</cfif>
</cfif><br/><br/>
<cfdump var="#COOKIE#" label="Cookie" expand="yes">
<br/><br/>
<cfdump var="#FORM#" label="Form" expand="yes">
<br/><br/>
<a href="cookies.cfm?var=yes"><b>Let's call this page again but with a variable in the URL string...</b></a>
<br/><br/>
<a href="cookies.cfm/"><b>Let's call this page again but with a trailing slash</b></a>
So another strange issue... Setting session variables no longer works. I found this thread which is somewhat similar http://forums.adobe.com/message/4049838 but he/she was able to set session vars at least.