Copy link to clipboard
Copied
i need to maintain session data between sub domains
you can do this easy by setting:
this.setdomaincookies="yes"
works perfectly because the cfid and cftoken cookies domain is set to ".domain.com" instead of "whatever.domain.com"
here is the problem. we are using J2EE sessions.
so the cookie that we need to have its sub domain blank is the JSESSIONID
this cookie is not set to ".domain.com" it remains "whatever.domain.com"
if i try to manually create the cookies by setting setclientcookies to false a very odd thing occurs. when i set the value to session.sessionid, the resulting value is set to for example: " F29D7D74818F64478776A879964C7E05%2Ecfusion", see how it has replaced the "dot" with "%2E"
i think this causes the brains to mark it as an invalid cookie so it creates another one, which then has its own valid value but does not work for us because its now its own session.
i read some stuff about editing the jrun-web.xml to fix this one million years ago but i cant find that file on cf2016.
Copy link to clipboard
Copied
and i forgot to give you system specs:
Server Product | ColdFusion 2016 |
Version | 2016.0.03.301771 |
Java Version | 1.8.0_112 |
windows 7
IIS 7.5
Copy link to clipboard
Copied
as soon as i posted this i found out how to fix my "dot" problem
encodeValue="false" in the cfcookie.
but my problem is still here! the sub domain sets its own JSESSIONID cookie, and ignores the perfectly valid one already set
Copy link to clipboard
Copied
ok i think i may have it worked out
this is still a bug and should not be happening
but the workaround is this
setclientcookies = no
then add this
<cffunction name="onSessionStart" returnType="void" output="false">
<cfcookie name="JSESSIONID" value="#session.sessionid#" domain=".yourdomain.com" httponly = "yes" encodeValue="false">
</cffunction>
then do your regular onrequeststart stuff
maybe this will save some suicides out there.
Copy link to clipboard
Copied
Can you file a bug report about this behavior at Tracker ? Please include minimal code required to demonstrate/reproduce the problem.
-Carl V.
Copy link to clipboard
Copied
suicide will commence.(j/k)
but, ur workaround is not working for me. I have been at this for hours. I need to share sessions with subdomains!
It keeps wanting to set "website.com" instead of ".website.com".
HELP!!
Copy link to clipboard
Copied
Since newer versions of CF use Tomcat, I'd look for resources about Tomcat and session cookies with subdomains. Here's one I've found. I haven't tested this myself, but it looks like it might work.
Dave Watts, Fig Leaf Software
Copy link to clipboard
Copied
Thanks Dave, but I don't see a link?
Copy link to clipboard
Copied
Oops!
https://codingexplained.com/coding/java/tomcat-share-session-cookies-subdomains
Dave Watts, Fig Leaf Software
Copy link to clipboard
Copied
No dice with that unfortunately.
Copy link to clipboard
Copied
damn, I think I got it! Had edited the wrong one since there were 2.
was this one [drive]:\[cfinstall]\cfusion\runtime\conf
I had edited
[drive]:\[cfinstall]\cfusion\runtime\manager\META-INF
Lifesaver Dave!
Copy link to clipboard
Copied
I'm glad it helped!
Dave Watts, Fig Leaf Software