6 Replies Latest reply: Jun 24, 2014 12:15 PM by cherdt RSS

    CFID and CFTOKEN still set when using J2EE sessions

    cherdt Community Member

      I'm using CF10 and "Use J2EE session variables" is selected in the CF admin.

       

      When I visit an application, I get the JSESSIONID cookie, but I also get the CFID and CFTOKEN persistent cookies. The app I'm working with is older and uses Application.cfm instead of Application.cfc, but the clientmanagement and setclientcookies application attributes are set to false.

       

      I'm not sure why CFID and CFTOKEN are still set. Are they set regardless of the client and session management settings?