Yes, I saw that. But he does not say how he made the new jsession id string. I am sure it is not some random string he pro grammatically generated. So, there must be a way to get at the jsessionid even if you don't have jsessionidenabled in the administrator.
On Tue, Mar 6, 2012 at 2:44 PM, Cameron Childress <[email protected]>wrote: > > Try this: > > > http://www.12robots.com/index.cfm/2009/5/6/Making-the-JSESSIONID-Session-Token-Cookie-SECURE-and-HTTPOnly-and-settings-its-PATH > > -Cameron > > On Tue, Mar 6, 2012 at 2:39 PM, Robert Rhodes <[email protected]> wrote: > > > > That works for cfid and cftoken, thanks. But it won't work for > jsessionid, > > because once that is selected in the administrator, it shows up as an > > unsecure cookie, even if you have setclientcookies turned off. That's a > > bummer, I wanted to use jsessionids. > > > > -- > Cameron Childress > -- > p: 678.637.5072 > im: cameroncf > facebook <http://www.facebook.com/cameroncf> | > twitter<http://twitter.com/cameronc> | > google+ <https://profiles.google.com/u/0/117829379451708140985> > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350289 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
