November 19, 2014
Question

Sessions - Token is generated but no cookie set

  • November 19, 2014
  • 3 replies
  • 979 views

I'm not versatile with programming ColdFusion, so I'm not sure if this is a coding or server configuration issue.

My work task is to migrate a ColdFusion website from a CF9 server to a freshly installed CF11 server. We managed to solve all the compatibility problems but one.

When I log into the web application, a CFTOKEN is generated and appears in the URL. As soon as I change the page, the CFTOKEN part vanishes from the URL. Also no cookie gets generated.

I would be grateful if someone had an idea what the solution of this problem could be.

Thanks in advance!

Greetings,

Nico Merz


vishu_13
Inspiring
November 20, 2014

It seems like instead of URL : http://mywebsite.com/test.cfm it looks like ?&CFID=1010?&CFID=234567

After login, you'll forward to a page; use

<cflocation addtoken="no" url="mypage.cfm">

That should remove the identifying url variables.


All cflocation's in your code should contain the attribute : addtoken="no"

HTH

Thanks

VJ

Inspiring
November 20, 2014

You mean you are not able to see the session cookies, CFID and CFTOKEN, right?

Also, let me know how you are checking whether these cookies have been set or not.

Carl Von Stetten
Legend
November 19, 2014

Can you provide the content of your Application.cfc or Application.cfm?  For Application.cfc, we mainly need to see the pseudo-constructor code at the top to see your application settings (before any of the OnXXX functions).  Also, you've enabled sessions in CF Administrator?  And are you using CF sessions or J2EE sessions?

-Carl

November 21, 2014

Thank you for your numerous answers!

This is the content of the application.cfm: [ColdFusion] Application.cfm - Pastebin.com

Here's a screenshot of the session related settings within CF administrator:

unbenanntefdy9.png

Closer explanation: On the old server a CFTOKEN got generated at login and showed in the URL. When I navigated to another page, this token vanished from the URL. A cookie was set to recognise the user (even without the query string, the JSESSIONID).

On the new server, a CFTOKEN also gets generated at login and shows in the URL. When I navigated to another page, the token also vanished from the URL. Because no cookie was set, the user gets redirected to the login page.

I use the Firefox cookie manager to monitor the cookies.

Greetings,

Nico Merz

BKBK
Community Expert
November 21, 2014

You give ColdFusion a dilemma. You ask it to use sessions, for which it requires CFID and CFToken cookies. However, by setting setClientCookies to "no" (in Application.cfm), you are asking it not to automatically set cookies on the client.

This scenario will only be consistent if you 'manually' set CFID and CFToken. Otherwise, you should change setClientCookies to "yes".
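
The two consistent configurations described in the reply above, sketched as an added example that is not taken from the poster's Application.cfm or from any reply in this thread. The application name `demoApp`, the 30-minute timeout and the page name `mypage.cfm` are assumptions, and the code assumes ColdFusion sessions (not J2EE sessions), where `session.CFID` and `session.CFTOKEN` exist.

```cfml
<!--- Application.cfm (added example; names and timeout are assumed values) --->

<!--- Simplest fix: change setclientcookies to "yes" below and delete the
      manual cookie block; ColdFusion then issues CFID/CFTOKEN itself. --->

<!--- Manual variant: sessions on, automatic cookies off. --->
<cfapplication name="demoApp"
               sessionmanagement="yes"
               setclientcookies="no"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<!--- With setclientcookies="no" the application has to send the session
      identifiers itself, otherwise every request starts a new session. --->
<cfif StructKeyExists(session, "CFID") AND StructKeyExists(session, "CFTOKEN")>
    <cfif NOT StructKeyExists(cookie, "CFID")
          OR NOT StructKeyExists(cookie, "CFTOKEN")
          OR cookie.CFID NEQ session.CFID
          OR cookie.CFTOKEN NEQ session.CFTOKEN>
        <!--- No "expires" attribute: the cookies last until the browser closes.
              httponly keeps them away from client-side script.
              Add secure="true" once the site is served over HTTPS only. --->
        <cfcookie name="CFID" value="#session.CFID#" httponly="true">
        <cfcookie name="CFTOKEN" value="#session.CFTOKEN#" httponly="true">
    </cfif>
</cfif>

<!--- In the login handler (assumed page name): redirect without appending
      CFID/CFTOKEN to the URL, so the identifiers stay out of browser history,
      access logs and Referer headers.
<cflocation url="mypage.cfm" addtoken="no">
--->
```

After deploying either variant, the browser's cookie manager should show CFID and CFTOKEN for the site once the first page has loaded.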