Highlighted

JSESSIONID cookie set when form posted with enctype="multipart/form-data"

Explorer ,
Oct 28, 2015

Copy link to clipboard

Copied

I have the following CF Admin settings in my CFIDE :

- Use J2EE session variables (not checked)

- Enable Application variables (checked)

- Enable Session Variables (checked)

When I make a form post with enctype="multipart/form-data", a cookie with the name JSESSIONID is set. When the enctype is removed, it is not set.

Below is my test code :

<!---- Start of Test Code ---->

<cfapplication NAME="testSession" CLIENTMANAGEMENT=No SETCLIENTCOOKIES=No SESSIONMANAGEMENT=Yes>

<cfdump var="#session#">

<form name="test" id="test" action="sessionTest.cfm" method="post"  method=post enctype="multipart/form-data">

<br><input type="text" name="title" id="title">

<br><input type="file" name="funnycatpic" id="funnycatpic">

<br><input type="submit" value="Submit Form">

</form>

<!---- End of Test Code ---->

After posting the above, my browser reports that a cookie with "JSESSIONID" had been set.

Screenshot - 29_10_2015 , 11_41_58 AM.png

Screenshot - 29_10_2015 , 11_37_59 AM.png

Next, remove enctype="multipart/form-data" from the <form>, and manually remove the JSESSIONID cookie through the browser (in Firebug, right click and choose delete). Re-load the page and click Submit Form. JSESSIONID is not set in cookies as expected.

Why is JSESSIONID being set when my form specifies an enctype=multipart/form-data?

And more importantly, why is the JSESSIONID cookie being set at all even though my application specifically says SETCLIENTCOOKIES=NO?

This is on Coldfusion 9.0.1.


Thanks  

Views

841

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

JSESSIONID cookie set when form posted with enctype="multipart/form-data"

Explorer ,
Oct 28, 2015

Copy link to clipboard

Copied

I have the following CF Admin settings in my CFIDE :

- Use J2EE session variables (not checked)

- Enable Application variables (checked)

- Enable Session Variables (checked)

When I make a form post with enctype="multipart/form-data", a cookie with the name JSESSIONID is set. When the enctype is removed, it is not set.

Below is my test code :

<!---- Start of Test Code ---->

<cfapplication NAME="testSession" CLIENTMANAGEMENT=No SETCLIENTCOOKIES=No SESSIONMANAGEMENT=Yes>

<cfdump var="#session#">

<form name="test" id="test" action="sessionTest.cfm" method="post"  method=post enctype="multipart/form-data">

<br><input type="text" name="title" id="title">

<br><input type="file" name="funnycatpic" id="funnycatpic">

<br><input type="submit" value="Submit Form">

</form>

<!---- End of Test Code ---->

After posting the above, my browser reports that a cookie with "JSESSIONID" had been set.

Screenshot - 29_10_2015 , 11_41_58 AM.png

Screenshot - 29_10_2015 , 11_37_59 AM.png

Next, remove enctype="multipart/form-data" from the <form>, and manually remove the JSESSIONID cookie through the browser (in Firebug, right click and choose delete). Re-load the page and click Submit Form. JSESSIONID is not set in cookies as expected.

Why is JSESSIONID being set when my form specifies an enctype=multipart/form-data?

And more importantly, why is the JSESSIONID cookie being set at all even though my application specifically says SETCLIENTCOOKIES=NO?

This is on Coldfusion 9.0.1.


Thanks  

Views

842

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Oct 28, 2015 0
yui8979 LATEST
Explorer ,
Oct 29, 2015

Copy link to clipboard

Copied

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 29, 2015 0