setClientCookies to false does not appear to work?

Question

Currently CFID and CFTOKEN appear in the URL of certain pages, such as 404.cfm. I do not wish for those parameters and values to appear in my URLs. I thought by setting setClientCookies to false that would resolve the issue, but I guess I'm mistaken that setClientCookies does that?

I restarted the ColdFusion server after making the code change to application.cfc

I'm using CF9 on my local machine.

	<cfset THIS.name = "myLocalTest" />
	<cfset THIS.ApplicationTimeout = CreateTimeSpan(2,0,0,0) />
	<cfset THIS.SessionManagement = true />
	<cfset THIS.SessionTimeout = CreateTimeSpan(0,0,30,0) />
	<cfset THIS.setClientCookies = false />

Am I missing something?

Thank you!

12Robots · Accepted Answer

setClientCookies = false tells coldfusion not to create cookies for the session tokens (CFID and CFToken). CFID and CFToken still exist and when they are int eh URL they are not in a cookie.

What you are experiencing is likely one of the hated issues with cflocation. If you do not set addToken=false in every one of your cflocation tags, then CF will kindly (annoyingly) add the token for you. This has nothing to do with cookies.

jason

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded