0 Replies Latest reply on Jan 8, 2014 12:53 PM by ReedP

    Problem with CFAPPLICATION setdomain cookies

    ReedP

      I have a CF8.01 website app.  In the past it hasn't been a big problem when users initially access it by typing "xyz.com" and then later (but within the life of a session) type in "www.xyz.com" - when they do the second access they get prompted to login again because the session from xyz.com doesn't exist.

       

      But I'm working on some new functionality that would involve emailing them a link to a report on the website.  Now it's a problem because the link isn't going to work unless I know whether or not to use "www." so that they don't get forced to login again  (presuming that they clicked it within the life of the session).

       

      I could do a test of CGI vars to see how they go to the page (www. or not in the URL), but it seems like this should be a problem that is solved by using domain cookies.  I included setdomaincookies="yes" in the CFAPPLICATION tag in application.cfm, but that had to effect.  I created a test case where a page did a CFDUMP of the session structure, set a session var and then did another dump.  Then I accessed it from xyz.com and got the expected results (first dump didn't have the var, second one did).  Did the same thing from www.xyz.com - expectation was that both dumps would have the var, but the results were identical the the previous test - only the second dump showed the var.

       

      Anyone run into this?  Is there something else I should be doing so that CF uses domain cookies to hold the sessionID info?  This is an otherwise stable, legacy, CF8.01 app, so I'd rather not do big changes like moving the J2EE sessions, especially on an older version of CF.  At the moment, moving it up to CF9 or CF10 isn't an option.

       

      thanks

      Reed