cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
1
Upvote

J2EE Checked - but still have CFID & CFTOKEN Cookies?

csgaraglino
Engaged ,
Apr 19, 2011 Apr 19, 2011

Hello all, I am trying to work through this PCI thing and I have everyting set properly per Adobe - but I am still getting a fail because of prediciptable cookies. Here is what I am confused about: This article (http://kb2.adobe.com/cps/404/kb404762.html) says that J2EE replaces CF_ID and CF_TOKEN - but my server is generating a CFID and CFTOKEN (No Underscores) anyway? With J2EE checked, why are these cookies even being set? How do I get rid of them - they are why my PCI is failing?

1.7K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

12Robots
Advocate , Apr 19, 2011 Apr 19, 2011

Add this.setClientCookies="false" to your Application.cfc or srtClientCookies="false" to you <cfapplication> to tell ColdFusion not to set those cookies.

NOTE: I hope you are not using client variables.

Translate
replies 9 Replies 9
latest latest Jump to latest reply
12Robots
Advocate ,
Apr 19, 2011 Apr 19, 2011

Add this.setClientCookies="false" to your Application.cfc or srtClientCookies="false" to you <cfapplication> to tell ColdFusion not to set those cookies.

NOTE: I hope you are not using client variables.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
csgaraglino
Engaged ,
Apr 19, 2011 Apr 19, 2011
In Response To 12Robots

Will that terminate the ability to use "ANY" cookies? We use coockies in a verity of different way for ad tracking, subscription tracking, etc.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
12Robots
Advocate ,
Apr 19, 2011 Apr 19, 2011
In Response To csgaraglino

Oh and NO that will not prevent you from using any cookies, it is just telling ColdFusion not to set cookies for use with the client scope, which is why those cookies are still being set.

Jason

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
csgaraglino
Engaged ,
Apr 19, 2011 Apr 19, 2011
In Response To 12Robots

I think they may have been left-overs. I deleted my history again, close my browser and rebooted - and now your susgestion has worked and I am not able to get them back! So just to make sure I am clear on what I did, setting setclientcookies="no" only affects any code that is looking for the CFID or CFTOKEN directly? If I do NOT make a call to CFID or CFTOKEN I should not be affected anywhere, correct?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
12Robots
Advocate ,
Apr 19, 2011 Apr 19, 2011
In Response To csgaraglino

setClientCookies=false simply tells ColdFusion not to set those cookies. I don't knwo that I woudl say that it "affects any code".  If you are ever looking for those cookies in code then Yes that code would not work. But I cannot imagine why anyone would ever look for those cookies anyway.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
csgaraglino
Engaged ,
Apr 19, 2011 Apr 19, 2011
LATEST
In Response To 12Robots

Thanks again - none of my code looks for CFID or CFTOKEN in cookies, session or anywhere for that fact! So far this seems to have worked beautifully! Thanks again for your help!

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
csgaraglino
Engaged ,
Apr 19, 2011 Apr 19, 2011
In Response To 12Robots

I did as you susgested, deleted all the history from the browsers, and as soon as I load the page, the cookies are still being created?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
12Robots
Advocate ,
Apr 19, 2011 Apr 19, 2011
In Response To csgaraglino

Can you post the code from your Applciation.cfc or Application.cfm?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
12Robots
Advocate ,
Apr 19, 2011 Apr 19, 2011
In Response To csgaraglino

When you say you "deleted history" do you mean you deleted all of your cookies?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices