
How to set CFGLOBALS Cookie expiry to 1 day

New Here, Jan 09, 2020

Hello All,

Thanks for taking the time to go through my question.

I need to implement a security patch to an application to keep all cookies' expiry to 1 day. By default, CF is setting it to 2050. I added a piece of code in application.cfc to make it 1 day.

<cfset this.sessioncookie.timeout = "1" >

However, it did work for CFID and CFTOKEN but not for the CFGLOBALS cookie.

Any idea how to update the CFGLOBALS expiry as well?

Thank you

TOPICS
Advanced techniques , Server administration

Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Community Expert, Jan 09, 2020

You should be able to rewrite any of these cookies so that they're limited by whatever limits you want to use. Here's an example.

https://www.petefreitag.com/item/764.cfm

Dave Watts, Eidolon LLC

New Here, Jan 09, 2020

Thanks for the reply, Dave. Yes, I already implemented a secure flag and it is working fine. But the problem is with changing the expiry date. I added code to change the expiry date to 1 day using <cfset this.sessioncookie.timeout = "1" > in application.cfc.

Which is changing to 1 day for CFID and CFTOKEN but not for CFGLOBALS.

Community Expert, Jan 09, 2020

Take a look at Pete's example. He's setting all the built-in sessioncookie variables to false, then has conditional logic to explicitly create the cookies. You should be able to set any cookie value you want that way. Here's his example extended for CFGLOBALS (note, I don't know exactly what's in CFGLOBALS and would need to figure that out to make this complete). Also, his example creates true session cookies, which will be deleted when the browser is closed; you'd have to explicitly add a date in the CFHEADERs for keeping them one day.

<!--- Stop ColdFusion from sending CFID and CFTOKEN automatically; they are set by hand below --->
<cfapplication setclientcookies="false" sessionmanagement="true" name="test">
<!--- Write the cookies when they are missing or the token does not match the current session --->
<cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
     <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
     <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
     <cfheader name="Set-Cookie" value="CFGLOBALS=...;path=/;HTTPOnly">
</cfif>

Dave Watts, Eidolon LLC
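
A check for the outcome discussed in this thread, added here as an example and not code from any poster: it parses `Set-Cookie` header values and lists the cookies that persist longer than one day. The header values, cookie values and the names `cookie_lifetime` and `audit` are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(days=1)  # policy from the thread: cookies expire within 1 day


def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime); lifetime is None for a session cookie."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        if expires.tzinfo is None:  # treat a zone-less date as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        return name, expires - now
    return name, None  # no expiry attribute: deleted when the browser closes


def audit(headers, now):
    """Return the names of cookies that persist longer than MAX_LIFETIME."""
    too_long = []
    for header in headers:
        name, lifetime = cookie_lifetime(header, now)
        if lifetime is not None and lifetime > MAX_LIFETIME:
            too_long.append(name)
    return too_long


# Constructed sample: the state described in the question, where CFID and
# CFTOKEN expire after one day and CFGLOBALS still carries a 2050 expiry.
NOW = datetime(2020, 1, 9, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = [
    "CFID=1234; Expires=Fri, 10 Jan 2020 12:00:00 GMT; Path=/; HttpOnly",
    "CFTOKEN=abcd; Expires=Fri, 10 Jan 2020 12:00:00 GMT; Path=/; HttpOnly",
    "CFGLOBALS=constructed-value; Expires=Sun, 09 Jan 2050 12:00:00 GMT; Path=/",
]

if __name__ == "__main__":
    print(audit(SAMPLE, NOW))
```
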
