cfcookie expires immediately

It's in the Application.cfm.  Here is an example...

Another thing I'm noticing as I'm trying to figure this out is that the cookies I'm setting and the cfid/cftoken variables are getting duplicated.  Seems strange....

idesdema wrote: It's in the Application.cfm.  Here is an example... <cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_cookies.username#" expires="never"/>

To avoid any complications, I would use setClientCookies="yes". I expect the <cfcookie> would still do its job anyway. Long session timeout values are hard to justify. I would also add applicationTimeout to the mix. Something like

<cfapplication name="KYND" applicationTimeout="#CreateTimeSpan(1,0,0,0)#"  sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#" setclientcookies="yes" setdomaincookies="yes">

So where are you manually creating CFID and CFToken? To maintain a session you need session variables.

My guess is that on the previous server you had JEE sessions enabled and on the new one you don't.  When you have JEE sessions enabled it ignores the directive not to set client cookies (because that is really about the client scope, not the session scope), so you get session management anyway. But if you don't have JEE sessions enabled AND you tell it not to set client cookeis, then you don't get any session token cookies.

Either enable JEE session variables or change setClientCookies to YES.

jason

I did not have j2ee sessions enabled.  But I think if you look at the latest post (referring to the cookies.cfm page) you'll see that all I'm trying to do is set cookies.  I am not doing anything with cfapplication.... Although I can certainly put that in the code. However I think if you go to the page you'll get the same cookie behavior I'm getting.  I am dumping the cookie and form vars to the screen.

I just don't understand why the cookies would get set correctly with an expiration of never, then within the same directory (just adding a variable to the end of the URL string) they are gone the next time the page or any other page gets called.  What is going on?

This has to be a hosting issue or an IIS issue.

So what are you expectign it to do that it isn't? The cookies are setting fine for me. There is a duplicate of KP_ID and that is because you are cfparaming it without specifying a domain. so it gets the domain "www.kyndoutdoors.com" instead of ".kyndoutdoors.com ". As far as the browser is concerned those are two separate cookies for two separate domains. So it stores both of them. 

To eliminate the dupe, don't param things in the cookie scope.

Now, please, please, please tell me this is not how you are doing session management.

Jason

No this is simply a test to see why my cookies are getting deleted.  It's not how I'm doing session management.  However, I am still using App.cfm instead of .cfc which I know... its time to move forward.

My session management is with cfapplication, cflogin, cflogin user and session variables.  Is that also not a good approach?  I basically am still using the example from Ben Forta's book that came out with CFMX.

Well, I tried your test page and your cookies did not get deleted. Why do you think they are getting deleted? What makes you believe they are getting deleted?

jason

Because of what happens to me when I test it.  If you look at the code, it says "if the cookie is not blank, display all is well in cookie world".  I get that message the first time I login, but then when I click either of the links at the bottom, the cookie is no longer present and I get the login form.  That is the root of this entire issue.  The cookie gets set once, but then visit any other page and its gone.

Ok ok I'll remove the unnecessary pound signs.  Old habit.  The good news is... that was it!  Working smoothly now.

No more cookie params, no more cfif #cookie.kp_id#.  Now I'm using StructKeyExists(cookie, "kp_id").  Have yet to run into any problems.

idesdema wrote: My session management is with cfapplication, cflogin, cflogin user and session variables.  Is that also not a good approach?

Other than cfapplication, cflogin, and cfloginuser, that is how I do it.  

Jason

Look at how its duplicating cfid and cftoken.  Then its creating both lowercase and uppercase cookies of the same name... ??

Don't store usernames and passwords in cookies!

I would restructure the cfcookie code to:

<cfif NOT isDefined("cookie.kp_username") AND get_user_via_cookies.username IS NOT "">

<cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_cookies.username#" expires="never"/>

</cfif>

Having said that, I still wonder what get_user_via_cookies does. Could it be feeding the cfcookie tag the value which the tag itself has just set, thereby going around in circles?

Ok I am trying to narrow down what in the world is going on here.  It's very bizzare.  Here is my cookie test page.  http://www.kyndoutdoors.com/dbf/cookies.cfm  Use timmyv as both the username and password.

Here is the code from cookies.cfm

<cfparam name="form.kpizzle_username" default="" type="string"> <cfparam name="form.kpizzle_password" default="" type="string"> <cfparam name="cookie.kp_id" default="" type="string"> <cfset dsn="my_dsn"> <cfif #cookie.kp_id# EQ ""> <cfif #form.kpizzle_username# EQ "">    <h1>Please login to Kynd Outdoors.  Cookies are blank and so is the form.</h1>    <cfform name="my_k_login" method="post" action="cookies.cfm">    user<cfinput name="kpizzle_username" type="text" class="textbox" id="kpizzle_username" size="40" maxlength="20" required="yes" message="Enter a username."><br/>    pass<cfinput name="kpizzle_password" type="password" class="textbox" id="kpizzle_password" size="40" maxlength="20" required="yes" message="Enter a password."><br/>    <cfinput type="submit" validate="submitonce" class="btn_small" onmouseover="this.className='btn_small btn_small_hover'" onmouseout="this.className='btn_small'" name="submit" value="LOGIN">    </cfform>   <cfabort> <cfelse>   <cfquery name="get_user_via_form" datasource="#dsn#" maxrows="1">   SELECT kpizzle_id,kpizzle_username,kpizzle_password,kpizzle_email,kpizzle_first_name,kpizzle_last_name,kpizzle_state   FROM user   WHERE kpizzle_username='#form.kpizzle_username#'   AND kpizzle_password='#form.kpizzle_password#'   </cfquery>   <cfif #get_user_via_form.recordcount# NEQ 0>    <cfcookie domain=".kyndoutdoors.com" name="kp_id" value="#get_user_via_form.kpizzle_id#" expires="never"/>    <cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_form.kpizzle_username#" expires="never"/>    <cfcookie domain=".kyndoutdoors.com" name="kp_password" value="#get_user_via_form.kpizzle_password#" expires="90"/>   </cfif> </cfif> <cfelse> <cfif #cookie.kp_id# NEQ "" AND #cookie.kp_username# NEQ "" AND #cookie.kp_password# NEQ "">   All is well in cookie world <cfelse>   <h1>Please login to Kynd Outdoors.  Cookie id is set, but the others are not.</h1>   <cfform name="my_k_login" method="post" action="cookies.cfm">   user<cfinput name="kpizzle_username" type="text" class="textbox" id="kpizzle_username" size="40" maxlength="20" required="yes" message="Enter a username."><br/>   pass<cfinput name="kpizzle_password" type="password" class="textbox" id="kpizzle_password" size="40" maxlength="20" required="yes" message="Enter a password."><br/>   <cfinput type="submit" validate="submitonce" class="btn_small" onmouseover="this.className='btn_small btn_small_hover'" onmouseout="this.className='btn_small'" name="submit" value="LOGIN">   </cfform>   <cfabort> </cfif> </cfif> <br/><br/> <cfdump var="#COOKIE#" label="Cookie" expand="yes"> <br/><br/> <cfdump var="#FORM#" label="Form" expand="yes"> <br/><br/> <a href="cookies.cfm?var=yes"><b>Let's call this page again but with a variable in the URL string...</b></a> <br/><br/> <a href="cookies.cfm/"><b>Let's call this page again but with a trailing slash</b></a>