Tom, Ah.. got it. Because there's it's not accepting it as a URL var it craps out.
-Mark -----Original Message----- From: Tom McNeer [mailto:[email protected]] Sent: Thursday, October 03, 2013 11:24 AM To: cf-talk Subject: Re: HttpOnly session cookie setting ignored in CF10 Mark, Thanks for the reply. Yes, that's the technique I've been using. The jsessionid is passed via FlashVars to the SWF. And the jsessionid is then passed from the SWF as a URL variable in the upload call. This is what's working on the live CF9 site. But on my CF10 dev server, I'm getting a 302 redirect, which is what occurred in CF9 before I learned to pass the jsessionid with the request. It's not the lack of the session information that's the problem (I don't think). It's that regardless of my server and application settings, the session cookies are set as HttpOnly, and thus the variable in the request from the SWF is not recognized. At least, that's my current theory. On Thu, Oct 3, 2013 at 11:46 AM, Mark A Kruger <[email protected]>wrote: > > Tom, > > Can you pass the cookie into your SWF from the calling page using flash > vars > and JS? > > -mark > > -----Original Message----- > From: Tom McNeer [mailto:[email protected]] > Sent: Thursday, October 03, 2013 10:05 AM > To: cf-talk > Subject: HttpOnly session cookie setting ignored in CF10 > > > Hi, > > I have a client application which uses a Flex front end. It runs on CF9, > but I have recently updated my dev server to CF10. > > Part of the application allows files to be uploaded to the server. A > problem has existed for a long time that would cause an error when posting > a file upload to a CF routine because the session information, which is > normally passed correctly on data requests, is not passed on an upload. > > The traditional workaround has been to include the jsessionid as a URL > param when calling the CF page. And this works fine for me on the live CF9 > site. > > But the same routine is failing on my dev server. > > The problem appears to be that the session cookies are being set as > HttpOnly, and can't be accessed by the Flex call (just as they would fail > on an ajax call). > > However, I am not able to get CF to send the cookies as HttpOnly=false. I > have unchecked both the Secure and HttpOnly options in the CF Admin. And my > Application.cfc contains this.sessioncookie.httponly=false. > > Yet despite this, and restarting the CF service just from fun, when I > access the dev site and examine the cookie content (in multiple browsers), > the cookies (jsession, CFID and CFTOKEN) are all set as httpOnly=true. > > Does anyone have any thoughts on this? > > -- > Thanks, > > Tom > > Tom McNeer > MediumCool > http://www.mediumcool.com > 1735 Johnson Road NE > Atlanta, GA 30306 > 404.589.0560 > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356871 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
