4 Replies Latest reply on Dec 11, 2007 1:08 PM by Newsgroup_User

    Does firefox accept session cookies?

    mgelber
      I've just posted my new website and it works great - but if a customer uses firefox and has the browser so to not accept cookies, my shopping cart doesn't work. Weird- the shopping cart is (or is supposed to be) a session variable, not a client variable. Does anyone have troubleshooting ideas? I had thought a user with disabled cookies will still be able to use session variables.

      I just checked and the words CLIENT and COOKIE can't be found anywhere in my source code. I declare the cart in application.cfc like this:

        • 1. Re: Does firefox accept session cookies?
          BKBK Adobe Community Professional & MVP
          I had thought a user with disabled cookies will still be able to use session variables.

          No. If the client(browser) switches off cookies, then you will be able to maintain sessions only by passing the CFID and CFTOKEN in the URL of every page in your application.



          • 2. Re: Does firefox accept session cookies?
            Level 7
            If a customer uses ANY browser with cookies disabled, sessions will not
            work, unless you have taken steps to allow sessions to work without cookies.

            By default, in order of CF to know what user belongs to what session
            data it relies on two Cookies; CFID and CFToken. Without these cookies,
            CF assumes a user is a new user and will always initiate a new session
            state for them.

            You can choose to pass the necessary CFID and CFToken values through the
            URL rather then through cookies, but this required effort and coding an
            your part to make sure the the required names and values are passed
            through every single link and connection in your application. This can
            also lead to session sharing if links with these values are bookmarked,
            emailed or otherwise published.

            Bottom line -- session state requires cookie or URL tokens to work.

            • 3. Re: Does firefox accept session cookies?
              Stressed_Simon Level 1
              BKBK is right, although it is not good practice as you leave yourself open to session high jacking. To be honest anyone who disables cookies and expects anything remotely personalised to work is in dreamland!
              • 4. Re: Does firefox accept session cookies?
                mgelber Level 1
                Thanks guys, I just found the note in the WACK about how session variable require cookies to get started.

                I'll rewrite the site to check for cookie acceptance and if they're not being accept, show a "cookies required" message. Can you recommend a link to a description of a good implemenation? Its a bit tricky if you don't know what page they will enter the site- I suppose the logical place is when they first add something to their cart?