RE: setdomaincookie invalidating session

Thu, 05 Aug 2004 08:27:22 -0700

You have to be careful with setdomaincookies... if the host name in the request has fewer than two dots in it then you should not set setdomaincookies to true. (So www.xyz.com will work, but xyz.com won't.)  Any cookies set in that configuration won't be sent back to the server.  It makes sense if you look at what the cookie request actually looks like, but it still sucks that CF doesn't detect this situation on it's own and skip the domain part when it has no chance of working. (At least in CF5 and prior.)


    Mark

-----Original Message-----
From: Christopher Grant [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 05, 2004 11:18 AM
To: CF-Talk
Subject: setdomaincookie invalidating session

I'm currently having an issue where i'm trying to pass my session from www.domain to secure.domain but the session isn't being maintained.

I'm actually doing this exact task in a different domain on the same box and it works just fine.

Here are my symptoms:
The code on the working domain is:
<cfapplication
sessionmanagement="yes"
setdomaincookies="yes">

The cfid remains the same as expected. However when I put this same code on any other domain on the box the cfid changes with each request. If I remove the setdomaincookies statement the cfid is set properly and is maintained. Passing the cfide and token across to the secure server in the url does maintain the session but id rather not have to do that if possible.

Any thoughts or suggestions?
  _____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]

Reply via email to