Skip to main content
R
rubytuby189
Participant
August 8, 2014
Question

THIS.setDomainCookies bug in CF11?

  • August 8, 2014
  • 1 reply
  • 1146 views

Hello,

It appears as though THIS.setDomainCookies functionality has been reversed from CF10 to CF11...

I migrated recently from CF10 -> CF11. I have an app that runs at xyz.thisdomain.com

My app has the following settings for THIS in Application.cfc:

<cfset THIS.name = "xyzapp">

<cfset THIS.applicationtimeout = createtimespan(1,0,0,0)>

<cfset THIS.sessionManagement = true>

<cfset THIS.Sessiontimeout = createtimespan(0,1,0,0)>

<cfset THIS.setDomainCookies = true>

When a user logs out (manually), the system performs the following to clear the previous session and create a new session:

<cfset StructClear(Session)>

<cfset THIS.sessionManagement = true>

<cfset THIS.Sessiontimeout = createtimespan(0,0,0,0)>

               

<cfloop collection="#COOKIE#" item="name">

     <cfcookie name="#name#" value="" expires="now"/>

</cfloop>           

<cflocation addtoken="no" url="http://xyz.thisdomain.com">

In CF11, once the manual log out happens, the user's cookies persist still, and are for ".thisdomain.com". CF doesn't expire the cookies and create new ones, but has cleared the SESSION struct as instructed. This causes huge bugs in my system.

However, if I set THIS.setDomainCookies = false, then the cookies are correctly for "xyz.thisdomain.com", and are properly removed from the browser when the logout action happens. Everything works as expected.

This seems to be reverse setDomainCookies behaviour when comparing CF10 and CF11... Bug? OR am I missing something here... Worth mentioning that I installed CF11 as "Production + Secure Profile".

Thanks,

Dan

This topic has been closed for replies.

1 reply

R
rubytuby189Author
Participant
August 8, 2014

I also just noticed that in CF11 when setDomainCookies = true (as described above), the CFID value is a really long string like this: Z878pt2v0jgtx8yvvdf8rr3ifl19dswl61juevwo42y6ibcn65-1168 instead of the normal short, numeric value. Also, this CFID closely matches the value for the CFTOKEN cookie: Z878pt2v0jgtx8yvvdf8rr3ifl19dswl61juevwo42y6ibcn65-59bcdaab076aa06-2997ED3A-C291-54C7-53D0BF27179FEDC9. Looks like there's just a long (and same) prefix in both cookies... never seen this before.

When I set setDomainCookies = false, the CFID cookie goes back to the normal short numeric value (no prefix).

Thought it might be worth menitoning...

Dan

S
silmaril
Known Participant
August 11, 2014

Hi,

Not sure if it's related but i'm experiencing some weirdness with cflogin and loginStorage="session" also.

In some case i need to log-in twice for the login to "stick" (on the first login i only get to see one page, all following request get me back to the login form).

It seem to be linked to login/session timeouts but i can't figure out why...

F
fusrec
Participant
February 10, 2015

Hi Silmaril

I am experiencing exactly the same problem, but extremely intermittently.

Have you been able to resolve this "Double Login" problem? Or perhaps a workaround?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices