Copy link to clipboard
Copied
Just had the IE 11 update pushed to my development box. Now, on the site I am working on, I am getting a new cfid/cftoken with every page request, ruining state/session management.
What is the easiest work around on this? I would hate to have to go through all the site adding #cfid# and #cftoken# to every url...
Also, if I do have to append cfid/cftoken, how is it handled when the site is indexed by a se bot? Wouldn't the cached links have the same cfid/cftoken for everyone?
Thank you.
Copy link to clipboard
Copied
Ensure IE is allowing cookies to be set. There's probably a security/privacy setting that's just preventing this; IE is a horrible browser, but I cannot see it just blindly refusing to store session data.
There is a function called URLSessionFormat which you can wrap around all your links, and CF will determine if the client can support cookies or not; if so, it will append nothing to the URL, but if they cannot, it will add the needed variables to the URL passed to it in order to add the CFID/CFTOKEN as needed.
Also, you don't want to send session data to any resource that does not modify or restrict its content by user. For example, you send a session data to the base request because it needs to know who you are through subsequent requests, but you don't want to append the CFID and CFTOKEN data to resources that don't care who you are and just serve data. Like Images, Scripts and Styles.
In fact, a way of optimizing an application often involves moving said resources to separate hosts who are setup to not even accept cookie data; that way, even the request to the resource is minimal (smaller request headers). For such resources, simply do not enclose them in the URLSessionFormat() BIF.