4 Replies Latest reply: Jul 31, 2012 7:50 AM by skchachra RSS

    CF Session cookies (CFID, CFTOKEN, CFAuthorization_<app-name>)

    Community Help Community Member
    Community Help Jul 5, 2012 8:57 AM

      This question was posted in response to the following article: http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSe61e35da8d3185183e145c0d1353e31f5 59-7ffc.html

      • 2591 Views
      • Tags:
        • 1. Re:  CF Session cookies (CFID, CFTOKEN, CFAuthorization_<app-name>)
          Bodhisattva00 Community Member
          Bodhisattva00 Jul 5, 2012 8:57 AM (in response to Community Help)

          Just out of curiosity, why are you still using Application.cfm in your examples? I thought the new and improved way was to use Application.cfc which came out in Coldfusion 7. I understand why it would be present in older examples, but CF 10 is brand new and Application.cfc has been in use for at least 7 years. thanks

          • 2. Re:  CF Session cookies (CFID, CFTOKEN, CFAuthorization_<app-name>)
            Bodhisattva00 Community Member
            Bodhisattva00 Jul 7, 2012 5:14 AM (in response to Community Help)

            For anyone that has set up their application(s) so the session ends when the last browser window is closed, that uses CF session variables (but not J2EE session variables), you need to read this. The old way (as described in the book Web Application Construction Kit & various websites)  of doing this will not work in CF10. Yes, I understand that technically the session does not end until the session expires on the server. OK then, in order for your code to continue working in CF10, you need to set THIS.sessioncookie.timeout to “–1” (under the CFComponent tag). One other thing to note, if your using a shared server, make sure to set THIS.sessioncookie.disableupdate to false, which will override the corresponding setting in the Administrator “Disable updating ColdFusion internal cookies using ColdFusion tags/functions” (in case its checked) & enable you to set CFID & CFToken as session cookies. For specifics about “Ending the Session when the Browser Closes”, see page 612 in ColdFusion 7 Web Application Construction Kit or ColdFusion 8 Web Application Construction Kit, Volume 1 (around page 539).

            • 3. Re:  CF Session cookies (CFID, CFTOKEN, CFAuthorization_<app-name>)
              CF-AXL Community Member
              CF-AXL Jul 20, 2012 11:38 PM (in response to Community Help)

              The value of the scriptprotect should be a boolean instead of all.

              • 4. Re:  CF Session cookies (CFID, CFTOKEN, CFAuthorization_<app-name>)
                skchachra
                skchachra Jul 31, 2012 7:50 AM (in response to Bodhisattva00)

                Is there a way to expire session cookies using <cfcookie> tag or by any other way, to end the user session. We have been having problems with expiring user session after upgrading to CF-10. The <cfcookie> tag ignores the expire attribute and uses the default value. Also, another issue that we have been facing is that session cookies should be host-only by default, but in our case it always has a domain attribute and is being shared across the domain even if we add 'setdomaincookies="no"' to the <cfapplication> tag. Any response is highly appreciated.