I have the following CF Admin settings in my CFIDE:
- Use J2EE session variables (not checked)
- Enable Application variables (checked)
- Enable Session Variables (checked)
When I make a form post with enctype="multipart/form-data", a cookie with the name JSESSIONID is set. When the enctype is removed, it is not set.
Below is my test code:
<!---- Start of Test Code ---->
<cfapplication NAME="testSession" CLIENTMANAGEMENT=No SETCLIENTCOOKIES=No SESSIONMANAGEMENT=Yes>
<form name="test" id="test" action="sessionTest.cfm" method="post" enctype="multipart/form-data">
<br><input type="text" name="title" id="title">
<br><input type="file" name="funnycatpic" id="funnycatpic">
<br><input type="submit" value="Submit Form">
</form>
<!---- End of Test Code ---->
After posting the above, my browser reports that a cookie with "JSESSIONID" had been set.
Next, remove enctype="multipart/form-data" from the <form>, and manually remove the JSESSIONID cookie through the browser (in Firebug, right click and choose delete). Re-load the page and click Submit Form. JSESSIONID is not set in cookies as expected.
Why is JSESSIONID being set when my form specifies an enctype=multipart/form-data?
And more importantly, why is the JSESSIONID cookie being set at all even though my application specifically says SETCLIENTCOOKIES=NO?
This is on ColdFusion 9.0.1.