Sessions - Token is generated but no cookie set

Community Beginner ,
Nov 19, 2014


I'm not versatile with programming ColdFusion, so I'm not sure if this is a coding or server configuration issue.

My work task is to migrate a ColdFusion website from a CF9 server to a freshly installed CF11 server. We managed to solve all the compatibility problems but one.

When I log into the web application, a CFTOKEN is generated and appears in the URL. As soon as I change the page, the CFTOKEN part vanishes from the URL. Also no cookie gets generated.

I would be grateful if someone had an idea what the solution of this problem could be.

Thanks in advance!

Greetings,

Nico Merz

Most Valuable Participant ,
Nov 19, 2014


Can you provide the content of your Application.cfc or Application.cfm?  For Application.cfc, we mainly need to see the pseudo-constructor code at the top to see your application settings (before any of the OnXXX functions).  Also, you've enabled sessions in CF Administrator?  And are you using CF sessions or J2EE sessions?

-Carl

Community Beginner ,
Nov 21, 2014


Thank you for your numerous answers!

This is the content of the application.cfm: [ColdFusion] Application.cfm - Pastebin.com

Here's a screenshot of the session related settings within CF administrator:

unbenanntefdy9.png

Closer explanation: On the old server a CFTOKEN got generated at login and showed in the URL. When I navigated to another page, this token vanished from the URL. A cookie was set to recognise the user (even without the query string, the JSESSIONID).

On the new server, a CFTOKEN also gets generated at login and shows in the URL. When I navigated to another page, the token also vanished from the URL. Because no cookie was set, the user gets redirected to the login page.

I use the Firefox cookie manager to monitor the cookies.

Greetings,

Nico Merz

Adobe Community Professional ,
Nov 21, 2014


You give ColdFusion a dilemma. You ask it to use sessions, for which it requires CFID and CFToken cookies. However, by setting setClientCookies to "no" (in Application.cfm), you are asking it not to automatically set cookies on the client.

This scenario will only be consistent if you 'manually' set CFID and CFToken. Otherwise, you should change setClientCookies to "yes".

Most Valuable Participant ,
Nov 21, 2014


BKBK nailed the issue.  Turn on setClientCookies.

-Carl V.

Explorer ,
Nov 20, 2014


You mean you are not able to see the session cookies, CFID and CFTOKEN, right?

Also, let me know how you are checking whether these cookies have been set or not.

Enthusiast ,
Nov 20, 2014


It seems like instead of URL: http://mywebsite.com/test.cfm it looks like http://mywebsite.com/test.cfm?&CFID=1010?&CFID=234567

After login, you'll forward to a page, use

<cflocation addtoken="no" url="mypage.cfm">

That should remove the identifying url variables.


All cflocations in your code should contain the attribute: addtoken="no"

HTH

Thanks

VJ
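
The two consistent configurations described in the thread (let ColdFusion set the cookies, or set CFID and CFToken by hand), together with the addtoken="no" redirect, as an added example that is not the poster's Application.cfm or code from anyone in the thread. The application name, timeout and page name are hypothetical; it assumes ColdFusion session variables (not J2EE sessions) and a site served over HTTPS.

```cfml
<!--- Application.cfm: added example. Application name, timeout and page
      name are hypothetical. Assumes ColdFusion session variables (not J2EE
      sessions), so session.CFID and session.CFTOKEN exist, and assumes
      HTTPS, because secure="yes" cookies are not sent over plain HTTP. --->

<!--- Option A (simplest): keep sessions on and let ColdFusion issue the
      cookies by changing setclientcookies to "yes" in the tag below.
      The manual cfcookie block is then unnecessary. --->

<!--- Option B: keep setclientcookies="no" and set the cookies by hand. --->
<cfapplication name="myApp"
               sessionmanagement="yes"
               setclientcookies="no"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<!--- Without these two cookies the next request carries no session
      identifiers, ColdFusion starts a fresh session, and the user is
      sent back to the login page (the symptom reported above). --->
<cfif NOT StructKeyExists(cookie, "CFID") OR NOT StructKeyExists(cookie, "CFTOKEN")>
    <cflock scope="session" type="readonly" timeout="5">
        <!--- No expires attribute: the cookies last until the browser closes.
              httponly keeps them out of reach of page scripts. --->
        <cfcookie name="CFID"    value="#session.CFID#"    httponly="yes" secure="yes">
        <cfcookie name="CFTOKEN" value="#session.CFTOKEN#" httponly="yes" secure="yes">
    </cflock>
</cfif>

<!--- On the page that handles a successful login (separate template):
      redirect without appending CFID/CFTOKEN to the URL, so the session
      identifiers stay out of browser history, Referer headers and logs. --->
<cflocation url="mypage.cfm" addtoken="no">
```

After logging in, the browser's cookie manager should show CFID and CFTOKEN for the site, and the address bar should show mypage.cfm with no CFID or CFTOKEN in the query string.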
