Copy link to clipboard
Copied
I'm not versatile with programming coldfusion, so i'm not sure if this is a coding or server configuration issue
My work task is to migrate a coldfusion website from a CF9 server to a freshly installed CF11 server. We managed to solve all the compatibility problems but one.
When I log into the web application, a CFTOKEN is generated and appears in the URL. As soon as I change the page, the CFTOKEN part vanishes from the URL. Also no cookie gets generated.
I would be grateful if someone had an idea what the solution of this problem could be.
Thanks in advance!
Greetings,
Nico Merz
Copy link to clipboard
Copied
Can you provide the content of your Application.cfc or Application.cfm? For Application.cfc, we mainly need to see the pseudo-constructor code at the top to see your application settings (before any of the OnXXX functions). Also, you've enabled sessions in CF Administrator? And are you using CF sessions or J2EE sessions?
-Carl
Copy link to clipboard
Copied
Thank you for your numerous answers!
This is the content of the application.cfm: [ColdFusion] Application.cfm - Pastebin.com
Here's a screenshot of the session related settings within CF administrator:
closer explanation: On the old server a CFTOKEN got generated at login and showed in the URL. When I navigated to another page, this token vanished from the URL. A cookie was set to recognise the user (even without the query string, the JSESSIONID).
On the new server, a CFTOKEN also gets generated at login and shows in the URL. When I navigated to another page, the token also vanished from the URL. Because no cookie was set, the user gets redirected to the login page.
I use the Firefox cookie manager to monitor the cookies.
Greetings,
Nico Merz
Copy link to clipboard
Copied
You give Coldfusion a dilemma. You ask it to use sessions, for which it requires CFID and CFToken cookies. However, by setting setClientCookies to "no" (in Application.cfm), you are asking it not to automatically set cookies on the client.
This scenario will only be consistent if you 'manually' set CFID and CFToken. Otherwise, you should change setClientCookies to "yes".
Copy link to clipboard
Copied
BKBK nailed the issue. Turn on setClientCookies.
-Carl V.
Copy link to clipboard
Copied
You mean you are not able to see the session cookies - CFID and CFTOKEN . Right???.
Also let me know how are you checking whether these cookies have been set or not.??
Copy link to clipboard
Copied
It seems like insted of URL : http://mywebsite.com/test.cfm it looks like Business website needed? Create a small business website with 1&1?&CFID=1010?&CFID=234567
After login, you'll forward to a page, use
<cflocation addtoken="no" url="mypage.cfm">
That should remove the identifying url variables.
All cflocation's in your code should contain the attribute : addtoken="no"
HTH
Thanks
VJ