By default CF sets the cookie in only the domain it is on."mydomain.com" But cfcookie does not let you set the domain name for the cookie.
So you couldn't use the cookies session across sub domains. eg " one.mydomain.com" I have had situations where I had to overwrite the session cookies that CF sets on each request with cfheader, that way I could specify the .subdomain. This also allows you to use the HTTPOnly flag. <cfheader name="Set-Cookie" value="CFID=#SESSION.CFID#;path=/;domain=. mydomain.com;expires=MON, 21-Dec-2009 00:00:00 GMT;HTTPOnly;" /> <cfheader name="Set-Cookie" value="CFTOKEN=#SESSION.CFTOKEN#;path=/;domain=. mydomain.com;expires=MON, 21-Dec-2009 00:00:00 GMT;HTTPOnly;" /)> (note the dot in ".mydomain.com") /K ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:328184 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
