1 Reply Latest reply on Oct 29, 2015 3:22 AM by yui8979

    JSESSIONID cookie set when form posted with enctype="multipart/form-data"


      I have the following CF Admin settings in my CFIDE :

      - Use J2EE session variables (not checked)

      - Enable Application variables (checked)

      - Enable Session Variables (checked)


      When I make a form post with enctype="multipart/form-data", a cookie with the name JSESSIONID is set. When the enctype is removed, it is not set.


      Below is my test code :


      <!---- Start of Test Code ---->


      <cfdump var="#session#">

      <form name="test" id="test" action="sessionTest.cfm" method="post"  method=post enctype="multipart/form-data">

      <br><input type="text" name="title" id="title">

      <br><input type="file" name="funnycatpic" id="funnycatpic">

      <br><input type="submit" value="Submit Form">


      <!---- End of Test Code ---->


      After posting the above, my browser reports that a cookie with "JSESSIONID" had been set.

      Screenshot - 29_10_2015 , 11_41_58 AM.png

      Screenshot - 29_10_2015 , 11_37_59 AM.png

      Next, remove enctype="multipart/form-data" from the <form>, and manually remove the JSESSIONID cookie through the browser (in Firebug, right click and choose delete). Re-load the page and click Submit Form. JSESSIONID is not set in cookies as expected.


      Why is JSESSIONID being set when my form specifies an enctype=multipart/form-data?

      And more importantly, why is the JSESSIONID cookie being set at all even though my application specifically says SETCLIENTCOOKIES=NO?


      This is on Coldfusion 9.0.1.