Skip to main content
A
Anonymous
December 11, 2015
Answered

new cfid with every refresh

  • December 11, 2015
  • 1 reply
  • 3454 views

I updated a test server from ColdFusion 10 to ColdFusion 11 30 days Enterprise trail edition with update 7.

However, every time I hit refresh in my browsers, I get a new cfid. As a result, a valid session is not found so the login page doesn't work.

I checked the session in coldfusion admin page and my cookie in my browsers, they are both created correctly.

This is what I have in my application.cfm

<CFAPPLICATION NAME="TESTWEB"

  CLIENTMANAGEMENT="Yes"

  SETCLIENTCOOKIES="Yes"

  SESSIONMANAGEMENT="Yes"

  SESSIONTIMEOUT = "#CreateTimeSpan(7,0,0,0)#"

  SETDOMAINCOOKIES = "No">

However, when I open the page from the host computer, then the cfid doesn't get change everytime I hit refresh, so everything works.

During login, I had code that set cfid/cftoken to cookie, but since I changed to SETCLIENTCOOKIES="Yes", I removed those code. The only other place would be in logout.

I am not using jsessionids, only coldFusion session id.

Timeout for all session variables is 7 days.

Any idea what can cause my problem?

This topic has been closed for replies.
Correct answer

OK.

You said:

I am not using jsessionids, only coldFusion session id.

But later you added:

What I meant before is my browser at least contain cfid cookie. It also contain cfid, cftoken, jessionid,

Did you disable JEE sessions in the administrator?


In ColdFusion Admin page, I go to Server Settings -> Memory Variable and I see Use J2EE session variables uncheck, Enable Application Variables and Enable Session Variables checked. I have 7 days for timeout for Application Variables and 7 days 20 minutes for Sessions Variables in both Maximum and Default Timeout. In Session Cookie Setting, cookie timeout is 15768000 minutes and  HTTPOnly is checked.


Do you think these setting are correct? This is where JEE session is set right?

1 reply

BKBK
BKBK
Braniac
December 11, 2015

dzhaos wrote:

This is what I have in my application.cfm

<CFAPPLICATION NAME="TESTWEB"

  CLIENTMANAGEMENT="Yes"

  SETCLIENTCOOKIES="Yes"

  SESSIONMANAGEMENT="Yes"

  SESSIONTIMEOUT = "#CreateTimeSpan(7,0,0,0)#"

  SETDOMAINCOOKIES = "No">

Timeout for all session variables is 7 days.

It is uncllear what the problem is. First you say sessions don't work, then you say they do.

In any case, you should switch to Application.cfc, using a more realistic value of sessiontimeout.

Application.cfc

<cfcomponent>

    <cfscript>

        this.name = "TESTWEB";

        this.applicationTimeout = "#createTimespan(1,0,0,0)#";

        this.clientManagement = "yes";

        this.clientStorage = "cookie";

        this.sessionManagement = "yes";

        this.sessionTimeout = "#createTimeSpan(0,0,20,0)#";

        this.setClientCookies = "yes";

        this.setDomainCookies = "no";

     </cfscript>

</cfcomponent>

A
Anonymous
December 11, 2015

The session actually works when I am inside the computer that host the server, and I use the browser in there to connect to my website, then everything work.

However, if I am on another computer, and then go to my website, the session doesn't load. In both cases, I check my browser does contain the cfid cookie.

Does this make sense?

Thanks for taking your time to look at my problem.

A
Anonymous
December 21, 2015

dzhaos wrote:

wow after I checked J2EE session variables, the cfid doesn't change now after refresh for all browsers. So my problem is now solved, can you think of how J2EE session fixed my problem?

I really can't say, to be honest. I am glad to hear that you can now work with sessions. Quite handy.

Using J2EE sessions is preferable to using CFID and CFToken. When you say your problem is solved, I hope you have been checking for a change in the jsessionid cookie. Coldfusion stops generating CFID and CFToken cookies when you enable J2EE sessions.


BKBK, thank you for all your help.

Yes, CFID and CFToken cookies are not longer in my browser. I have also replaced code that check for CFID in login and logout. 

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices