2 Replies Latest reply: Oct 21, 2013 9:39 AM by Aegis Kleais RSS

    CF keeps issuing new CFIDs for my session

    Aegis Kleais Community Member
    Aegis Kleais Oct 20, 2013 1:06 PM

      So, I have J2EE memory variables disabled (so, to my knowledge, CF will issue CFID and CFTOKEN)

       

      I checked my browser (Chrome 30) and I have not disabled cookies in any shape or manner).  I was dumping the SESSION scope to the screen, and taking note of the CFID, and it kept changing each time I reloaded the page, which made me think that for some reason a cookie was not being set on my browser, or my browser was not sending the cookie in the REQUEST subsequently.

       

      Are there other things I need to check on to make sure I'm setup properly?  My APPLICATION variables for SESSIONS are:

       

      THIS.sessionManagement = true

      THIS.sessionTimeout = createTimeSpan( 0,0,30,0 )

       

      In my onRequestStart, I am running a:

       

      <cfset onApplicationStart() />

       

      Which as I understand it means it will run the code IN the oAS() method, but will not start a new application.  None of my code in those BIFs does anything with the SESSION scope.

      • 405 Views
      • Tags:
        • 1. Re: CF keeps issuing new CFIDs for my session
          Steve Sommers Community Member
          Steve Sommers Oct 21, 2013 8:33 AM (in response to Aegis Kleais)

          Are you setting THIS.setClientCookies = true? If this does not correct the issues load up a client side diagnostic tool and start capturning the page requests and responses and look carefully at the cookies. I use either IE and the F12 developer tool or the Firefox plug-in Firebug.

          • 2. Re: CF keeps issuing new CFIDs for my session
            Aegis Kleais Community Member
            Aegis Kleais Oct 21, 2013 9:39 AM (in response to Steve Sommers)

            That's exactly it, Steve.

             

            I was re-reading over my CFWACK Vol 1 section on cookies and I got to the same part which stated that, even though I was fooled by its use of "CLIENT" (associating that with CLIENT scope, rather than the client browser), my application had that set to FALSE originally (again, cause I assumed it meant setting CFID/CFTOKEN for CLIENT scope, which I have disabled).

             

            Once I set it back to TRUE, my reloading of the page that is dumping the SESSION scope now shows the same CFID/CFTOKEN and I can inspect the cookies on my machine for that domain and see them just fine.