Tom,

Can you pass the cookie into your SWF from the calling page using flash vars
and JS?

-mark

-----Original Message-----
From: Tom McNeer
Sent: Thursday, October 03, 2013 10:05 AM
To: cf-talk
Subject: HttpOnly session cookie setting ignored in CF10


Hi,

I have a client application which uses a Flex front end. It runs on CF9,
but I have recently updated my dev server to CF10.

Part of the application allows files to be uploaded to the server. A
problem has existed for a long time that would cause an error when posting
a file upload to a CF routine because the session information, which is
normally passed correctly on data requests, is not passed on an upload.

The traditional workaround has been to include the jsessionid as a URL
param when calling the CF page. And this works fine for me on the live CF9
site.

But the same routine is failing on my dev server.

The problem appears to be that the session cookies are being set as
HttpOnly, and can't be accessed by the Flex call (just as they would fail
on an ajax call).

However, I am not able to get CF to send the cookies as HttpOnly=false. I
have unchecked both the Secure and HttpOnly options in the CF Admin. And my
Application.cfc contains this.sessioncookie.httponly=false.

Yet despite this, and restarting the CF service just for fun, when I
access the dev site and examine the cookie content (in multiple browsers),
the cookies (jsession, CFID and CFTOKEN) are all set as httpOnly=true.

Does anyone have any thoughts on this?

-- 
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560




Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356869