Thanks Dave.

We are using the same host for SSL and non-SSL and we do set our CF
cookies by 
Before we implemented the SSL, the CFID/CFTOKEN cookies stayed
persistent on the browsers. When we implemented the SSL, we also changed
the CFID/CFTOKEN cookies to expire at the end of the session (when
browser is closed). So most of our users have the persistent cookies
already. And I guess when they go directly to the SSL, somehow the CFM
page reads the persistent cookies and creates a new set of CFID and
CFTOKEN cookies. Is it possible???

Thanks.

J

<-----Original Message----->
> 
> From: Dave Watts
> Sent: 4/9/2002 8:53:52 PM
> To: [EMAIL PROTECTED]
> Subject: RE: 2 Sets of CFID and CFTOKEN cookies
> 
> I do not know how this happens but somehow other people's 
> and my browser get 2 sets of cfid and cftoken cookies. It 
> happens when we implement the SSL. So I assume that the 
> cookies are set in a different path but same domain even 
> though I use cfcookie with no path and domain parameters. 
> Do you guys know whether there is anything like http cookie 
> and https cookie???? (both ssl and non-ssl are in the same 
> domain)
> 
> There is a difference between the two, in that you can specify upon creation
> of the cookie whether it can be returned over a non-secure connection. For
> example, in the CFCOOKIE tag, you can use the SECURE attribute to create a
> cookie that will be returned only over SSL.
> 
> My guess, though, is that you're using separate host names for SSL and
> unsecured access:
> 
> http://www.mysite.com/
> https://secure.mysite.com/
> 
> Try using the SETDOMAINCOOKIES attribute of CFAPPLICATION. Set it to "true";
> this should return the same cookies from both hostnames. If that doesn't
> work, you might try setting SETCLIENTCOOKIES to "false" and setting the
> cookies yourself with CFCOOKIE.
> 
> Is there any way that I could view the HTTP header so I can 
> tell the difference of those 2 sets of cookies?
> 
> Yes, there are many recording proxy applications you can use to see what's
> going on in your HTTP requests and responses. I just found a new one today,
> but haven't tested it yet:
> 
> PortTunnel
> http://www.steelbytes.com/
> 
> It supports SSL/TLS according to the docs.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444
> 
> 
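
An added example, not part of the original thread: a Python sketch of how a browser's cookie store handles the Set-Cookie headers a recording proxy would reveal. Browsers key stored cookies by name, domain and path, so a new CFID with the same scope replaces the old one, while a CFID set with a Domain attribute is kept alongside it and both are returned. The header lines and values are constructed, and the default path is simplified to "/" (an assumption).

```python
# Constructed (host, Set-Cookie) pairs, as a recording proxy would show them.
SAMPLE = [
    ("www.mysite.com", "CFID=1001; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/"),
    ("www.mysite.com", "CFTOKEN=11111111; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/"),
    ("www.mysite.com", "CFID=1002; path=/"),                      # session cookie, same scope
    ("www.mysite.com", "CFID=2002; domain=.mysite.com; path=/"),  # domain-wide scope
    ("www.mysite.com", "CFTOKEN=22222222; domain=.mysite.com; path=/"),
]

def parse_set_cookie(host, header):
    """Split one Set-Cookie value into the fields that decide where it is stored."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for item in rest:
        key, _, val = item.partition("=")
        attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    return {
        "name": name, "value": value,
        "domain": domain or host.lower(),  # no Domain attribute: host-only cookie
        "host_only": not domain,
        "path": attrs.get("path", "/"),    # simplification: assume root path
        "secure": "secure" in attrs,       # returned only over SSL
        "persistent": "expires" in attrs or "max-age" in attrs,
    }

def build_jar(responses):
    """Apply headers in order: same (name, domain, path) overwrites, else coexists."""
    jar = {}
    for host, header in responses:
        c = parse_set_cookie(host, header)
        jar[(c["name"], c["domain"], c["path"])] = c
    return jar

def duplicate_names(jar):
    """Cookie names stored under more than one domain/path scope."""
    scopes = {}
    for (name, domain, path), c in jar.items():
        scopes.setdefault(name, []).append((domain, path, c["value"]))
    return {n: s for n, s in scopes.items() if len(s) > 1}

if __name__ == "__main__":
    for name, scopes in duplicate_names(build_jar(SAMPLE)).items():
        print(name, "is stored", len(scopes), "times:", scopes)
```
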