Skip navigation
Currently Being Moderated

cfcookie expires immediately

Nov 26, 2012 5:46 PM

Tags: #cfapplication #cfcookie

I cannot get cfcookie to stop expiring immediately.  It worked fine until recently switching to a new VPS.  Now the cookies only get set the first time Application.cfm is run.  If you visit any other page in that same director the cookie mysteriously disappears.

 

Here is my application tag...

 

<cfapplication name="KYND" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,3,0,0)#" setclientcookies="no" setdomaincookies="yes">

 

http://www.kyndoutdoors.com/dbf/_kynd-controller/my-kynd.cfm

 

Use timmyv as both the username and password.

 
Replies
  • Currently Being Moderated
    Nov 26, 2012 8:16 PM   in reply to idesdema

    Where is the code where you are setting your cookies? You need to be setting them manually somewhere (Application.cfm) because you have setClientCookies="no".

     

    jason

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 26, 2012 11:07 PM   in reply to idesdema

    idesdema wrote:

     

    It's in the Application.cfm.  Here is an example...

    <cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_cookies.username#" expires="never"/>

    To avoid any complications, I would use setClientCookies="yes". I expect the <cfcookie> would still do its job anyway. Long session timeout values are hard to justify. I would also add applicationTimeout to the mix. Something like

     

    <cfapplication name="KYND" applicationTimeout="#CreateTimeSpan(1,0,0,0)#"  sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#" setclientcookies="yes" setdomaincookies="yes">

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 26, 2012 11:12 PM   in reply to idesdema

    Don't store usernames and passwords in cookies!

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 26, 2012 11:23 PM   in reply to idesdema

    I would restructure the cfcookie code to:

     

    <cfif NOT isDefined("cookie.kp_username") AND get_user_via_cookies.username IS NOT "">

    <cfcookie domain=".kyndoutdoors.com" name="kp_username" value="#get_user_via_cookies.username#" expires="never"/>

    </cfif>

     

    Having said that, I still wonder what get_user_via_cookies does. Could it be feeding the cfcookie tag the value which the tag itself has just set, thereby going around in circles?

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 27, 2012 7:12 AM   in reply to idesdema

    So where are you manually creating CFID and CFToken? To maintain a session you need session variables.

     

    My guess is that on the previous server you had JEE sessions enabled and on the new one you don't.  When you have JEE sessions enabled it ignores the directive not to set client cookies (because that is really about the client scope, not the session scope), so you get session management anyway. But if you don't have JEE sessions enabled AND you tell it not to set client cookeis, then you don't get any session token cookies.

     

    Either enable JEE session variables or change setClientCookies to YES.

     

    jason

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 27, 2012 7:43 AM   in reply to idesdema

    So what are you expectign it to do that it isn't? The cookies are setting fine for me. There is a duplicate of KP_ID and that is because you are cfparaming it without specifying a domain. so it gets the domain "www.kyndoutdoors.com" instead of ".kyndoutdoors.com ". As far as the browser is concerned those are two separate cookies for two separate domains. So it stores both of them. 

     

    To eliminate the dupe, don't param things in the cookie scope.

     

    Now, please, please, please tell me this is not how you are doing session management.

     

    Jason

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 27, 2012 8:02 AM   in reply to idesdema

    Well, I tried your test page and your cookies did not get deleted. Why do you think they are getting deleted? What makes you believe they are getting deleted?

     

    jason

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 27, 2012 8:04 AM   in reply to idesdema


    idesdema wrote:

     

    My session management is with cfapplication, cflogin, cflogin user and session variables.  Is that also not a good approach?

    Other than cfapplication, cflogin, and cfloginuser, that is how I do it.  

     

    Jason

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 27, 2012 8:39 AM   in reply to idesdema

    Your cookies are NOT being deleted. The problem is the duplication. And more specifically, the problem is that cfparam that I encouraged you to remove.

     

    Your first decision in your test is this:

     

    <cfif #cookie.kp_id# EQ "">      (btw, you don't need hash marks in this code or in any of the other cfif statements in your code. Please remove them, they are soooo ugly)

     

    Well, kp_id is both blank and it's not. The cookie exists twice, once with and once without a value. CF is using the one without a value. Both are being sent, whatever order they are being sent in results in the cookie being blank.

     

    Here is the HTTP request being sent:

     

    GET /dbf/cookies.cfm HTTP/1.1

    Host: www.kyndoutdoors.com

    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

    Accept-Language: en-US,en;q=0.5

    Accept-Encoding: gzip, deflate

    Connection: keep-alive

    Cookie: kp_id=""; KP_ID=13608; KP_USERNAME=timmyv; KP_PASSWORD=timmyv

     

    The important line is the last one. TWO KP_IDs are being sent. One is blank, one is not. CF must use the first one it recieves.

     

    Regardless, remove the cfparam (you'll need to add a check for existence to your cfifs that make use of that cookie var), delete your cookies and try it again.

     

    Jason

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points