Asume that there is a login page then you can place the code mentioned below in that page.
<!--- .mydomain.com cookie is interfering with the subdomain.mydomain.com cookie. So let's clear the mydomain cookie before attempting to login --->
<cfif session.userID IS 0> <!--- if not logged in yet --->
<cfif isDefined("Cookie")>
<cfset idCount = tokenCount = 0>
<cfloop collection="#cookie#" item="v">
<cfif v IS "CFID">
<cfset idCount += 1>
<cfelseif v IS "CFTOKEN">
<cfset tokenCount += 1>
</cfif>
</cfloop>
<cfif idCount NEQ tokenCount OR idCount GT 1>
<cfloop collection="#cookie#" item="v">
<cfset structDelete(cookie,v)>
</cfloop>
<cfif isDefined("session.cfid")>
<cfcookie name="cfid" value="#session.cfid#" domain=".mydomain.com" expires="now">
<cfcookie name="cfid" value="#session.cfid#">
</cfif>
<cfif isDefined("session.cftoken")>
<cfcookie name="cftoken" value="#session.cftoken#" domain=".mydomain.com" expires="now">
<cfcookie name="cftoken" value="#session.cftoken#">
</cfif>
<cfelse>
<cfif isDefined("cookie.cfid") AND isDefined("session.cfid") AND cookie.cfid IS NOT session.cfid>
<cfcookie name="cfid" value="#session.cfid#" domain=".mydomain.com" expires="now">
<cfcookie name="cfid" value="#session.cfid#">
</cfif>
<cfif isDefined("cookie.cftoken") AND isDefined("session.cftoken") AND cookie.cftoken IS NOT session.cftoken>
<cfcookie name="cftoken" value="#session.cftoken#" domain=".mydomain.com" expires="now">
<cfcookie name="cftoken" value="#session.cftoken#">
</cfif>
</cfif>
</cfif>
</cfif>
8
Replies
AdChoices