> I do not know how this happens but somehow other people's
> and my browser get 2 sets of cfid and cftoken cookies. It
> happens when we implement the SSL. So I assume that the
> cookies are set in different path but same domain even
> though I use cfcookie with no path and domain parameters.
> Do you guys know whether there is anything like http cookie
> and https cookie? (both ssl and non-ssl are in the same
> domain)

There is a difference between the two, in that you can specify upon creation of the cookie whether it can be returned over a non-secure connection. For example, in the CFCOOKIE tag, you can use the SECURE attribute to create a cookie that will be returned only over SSL.

My guess, though, is that you're using separate host names for SSL and unsecured access:

http://www.mysite.com/
https://secure.mysite.com/

Try using the SETDOMAINCOOKIES attribute of CFAPPLICATION. Set it to "true"; this should return the same cookies from both hostnames. If that doesn't work, you might try setting SETCLIENTCOOKIES to "false" and setting the cookies yourself with CFCOOKIE.

> Is there any way that I could view the HTTP header so I can
> tell the difference of those 2 sets of cookies?

Yes, there are many recording proxy applications you can use to see what's going on in your HTTP requests and responses. I just found a new one today, but haven't tested it yet:

PortTunnel
http://www.steelbytes.com/

It supports SSL/TLS according to the docs.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
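
Added example, not part of the original message and not ColdFusion's or any proxy's own code: once the Set-Cookie headers have been captured with a recording proxy, this Python script shows which cookie names the browser stores in more than one domain/path slot and which values it returns to a given host. The captured headers and cookie values are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed capture: (request host, Set-Cookie value) pairs as a recording
# proxy would list them. Host names come from the message; values are made up.
CAPTURED = [
    ("www.mysite.com", "CFID=1001; path=/"),
    ("www.mysite.com", "CFTOKEN=55512345; path=/"),
    ("secure.mysite.com", "CFID=1002; domain=.mysite.com; path=/; secure"),
    ("secure.mysite.com", "CFTOKEN=77798765; domain=.mysite.com; path=/; secure"),
]

def parse_set_cookie(host, header):
    """Split one Set-Cookie value into (name, (domain, path), details)."""
    first, *rest = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    details = {
        "value": value,
        "host_only": not domain,      # no Domain attribute: only the setting host gets it
        "secure": "secure" in attrs,  # Secure flag: only returned over SSL
    }
    # Simplification: a missing Path is treated as "/" and path matching is skipped.
    return name, (domain or host.lower(), attrs.get("path") or "/"), details

def build_jar(captured):
    """Store cookies the way a browser does: one slot per name + domain + path."""
    jar = defaultdict(dict)
    for host, header in captured:
        name, key, details = parse_set_cookie(host, header)
        jar[name][key] = details
    return jar

def duplicate_names(captured):
    """Cookie names that occupy more than one slot, with the slots they occupy."""
    return {n: sorted(slots) for n, slots in build_jar(captured).items() if len(slots) > 1}

def values_sent(captured, host, https):
    """Values the browser would return for each name on a request to host."""
    sent = defaultdict(list)
    for name, slots in build_jar(captured).items():
        for (domain, _path), c in slots.items():
            match = host == domain or (not c["host_only"] and host.endswith("." + domain))
            if match and (https or not c["secure"]):
                sent[name].append(c["value"])
    return dict(sent)
```

With this capture, an SSL request to www.mysite.com carries both the host-only and the domain-wide CFID and CFTOKEN, which is the "2 sets" symptom; a non-SSL request carries only the host-only pair.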

