Currently CFID and CFTOKEN appear in the URL of certain pages, such as 404.cfm. I do not wish for those parameters and values to appear in my URLs. I thought by setting setClientCookies to false that would resolve the issue, but I guess I'm mistaken that setClientCookies does that?
I restarted the ColdFusion server after making the code change to application.cfc
I'm using CF9 on my local machine.
|<cfset THIS.name = "myLocalTest" />|
|<cfset THIS.ApplicationTimeout = CreateTimeSpan(2,0,0,0) />|
|<cfset THIS.SessionManagement = true />|
|<cfset THIS.SessionTimeout = CreateTimeSpan(0,0,30,0) />|
|<cfset THIS.setClientCookies = false />|
Am I missing something?
setClientCookies = false tells coldfusion not to create cookies for the session tokens (CFID and CFToken). CFID and CFToken still exist and when they are int eh URL they are not in a cookie.
What you are experiencing is likely one of the hated issues with cflocation. If you do not set addToken=false in every one of your cflocation tags, then CF will kindly (annoyingly) add the token for you. This has nothing to do with cookies.
Excellent. Thank you for the explanation.