They don't support complex types thus generally aren't used at least I haven't seen anyone using them in years
Regards Dale Fraser > On 4 Apr 2014, at 10:38 pm, "ColdGen Internet Solutions" > <coldgen.internet.soluti...@gmail.com> wrote: > > You are wrong ColdFusion still uses them even with J2ee. J2ee is just a more > secure method of tracking season.. The principal is the same > >> On 04/04/2014 10:35 PM, "Dale Fraser" <d...@fraser.id.au> wrote: >> I think client variables died with cf5 >> >> Regards >> Dale Fraser >> >>> On 4 Apr 2014, at 10:32 pm, "ColdGen Internet Solutions" >>> <coldgen.internet.soluti...@gmail.com> wrote: >>> >>> None = nooooooo. Try turning it on. ColdFusion under Java 101. Also update >>> JRE to 1.7 update 51 >>> >>>> On 04/04/2014 10:00 PM, "Phil Rasmussen" <ara...@gmail.com> wrote: >>>> Hey Peter. Not using Client Vars at all, it's set to storage = none in CF >>>> Admin. Purely J2EE Session cookies so the persistence between subdomains >>>> relies solely on the cookie which is where i'm stuck as none of my >>>> settings appear to help with the persistence. >>>> >>>>> On Friday, 4 April 2014 18:39:02 UTC+10, ColdGen Internet Solutions wrote: >>>>> Are you using the SAME database for storing Client Variables across all >>>>> of the domains? (and not storing as cookie or in registry). >>>>> >>>>> Just checking! >>>>> >>>>> >>>>> >>>>> Peter Tilbrook >>>>> Web Administrator, The Club Group Pty. Ltd. >>>>> Managing Director, ColdGen Internet Solutions >>>>> Professional Adobe ColdFusion Application Development >>>>> President, ACT and Region ColdFusion Users Group >>>>> PO Box 2247 >>>>> Queanbeyan, NSW, 2620 >>>>> AUSTRALIA >>>>> >>>>> Telephone: +61-2-6104-9981 >>>>> Mobile: +61-2-047-623-579 >>>>> >>>>> Email Address: peter.t...@coldgen.com >>>>> WWW: http://www.coldgen.com/ >>>>> Twitter: @ColdGen >>>>> >>>>> ABN: 80 826 226 128 >>>>> >>>>> >>>>>> On 4 April 2014 18:48, Phil Rasmussen <ara...@gmail.com> wrote: >>>>>> Hi Dmitry >>>>>> >>>>>> I have read over that article a few days back and unfortunately it >>>>>> hasn't helped my problem. I'm also not entirely sure what she means with >>>>>> regards to changing config settings for J2EE so i've responded to her to >>>>>> get further information. >>>>>> >>>>>> Charlie i've been retesting with your suggestions today and tried a >>>>>> variation of the cookie manual setting with the encodeValue set to true >>>>>> and false, in addition to playing around with the domain mask as either >>>>>> ".domain.com" or "*.domain.com" neither of which seem to work. I have >>>>>> noticed using web inspector there on occasion appears to be 2 identical >>>>>> JSESSIONID's getting set and sometimes one of them has a slight >>>>>> difference in the encoding which is probably due to the fact I was >>>>>> mucking around with these encodeValue settings and not clearing my >>>>>> existing cookies. Either way I just cannot get the sessions to stick >>>>>> when jumping between subdomains and I keep getting issued with a fresh >>>>>> JSESSIONID token. >>>>>> >>>>>> I'm wondering if there is a Tomcat config setting or something deeper to >>>>>> help with this cross domain session management as I can't think of >>>>>> anything else. >>>>>> >>>>>> Cheers >>>>>> Phil >>>>>> >>>>>> >>>>>> >>>>>>> On Thursday, 3 April 2014 14:53:13 UTC+10, Dmitry Yakhnov wrote: >>>>>>> Hi Phil, >>>>>>> >>>>>>> This post seems to be pretty relevant to your problem: >>>>>>> http://www.shilpikhariwal.com/2012/02/how-to-secure-coldfusion-session.html >>>>>>> >>>>>>> In the end it says: >>>>>>> Note: all these configurations we discussed are valid for CF session >>>>>>> cookies and Authentication cookies. For JSESSIONID, one needs to make >>>>>>> changes in server related configurations. >>>>>>> >>>>>>> So probably direct edit of config files is involved. >>>>>>> >>>>>>> Cheers, >>>>>>> Dmitry. >>>>>>> >>>>>>>> On Thursday, 3 April 2014 09:26:13 UTC+11, Phil Rasmussen wrote: >>>>>>>> Hi Guys >>>>>>>> >>>>>>>> Just wondering if anyone has come across an issue in CF10 whereby >>>>>>>> sessions are dropped when crossing between HTTP and HTTPS, even though >>>>>>>> the JSESSIONID is being explicitly passed in these links which had >>>>>>>> worked for us for over 5 years without fail prior to CF10. From what I >>>>>>>> have read there appears to be a big change to address the Session >>>>>>>> Fixation security issues which would explain the HTTP/HTTPS drops but >>>>>>>> I can't find a workaround for this. >>>>>>>> >>>>>>>> Essentially we have CF10 installed with J2EE Session Management turned >>>>>>>> on, and the default HTTPOnly set to true. In the application the >>>>>>>> domain structure looks as follows: >>>>>>>> >>>>>>>> https://book.domain.com >>>>>>>> http://profile.domain.com >>>>>>>> http://approve.domain.com >>>>>>>> >>>>>>>> When crossing between the domains (which had worked for many years >>>>>>>> prior) the session drops and CF issues a new set of session >>>>>>>> identifiers. In order to try and bypass the SSL issue, i've switch the >>>>>>>> entire application over the HTTPS so at no stage will the session or >>>>>>>> cookies be served over HTTP, which works fine if the user doesn't >>>>>>>> cross domains, but the moment a different subdomain is clicked (ie to >>>>>>>> make a booking) then the session drops. >>>>>>>> >>>>>>>> Even setting a cookie in the onSessionStart() as follows has no >>>>>>>> effect: >>>>>>>> >>>>>>>> <cfcookie name="jsessionid" value="#session.sessionid#" >>>>>>>> domain=".domain.com"> >>>>>>>> >>>>>>>> Has anyone come across this behaviour migrating to CF10? >>>>>>>> >>>>>>>> Cheers >>>>>>>> Phil >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "cfaussie" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>> an email to cfaussie+u...@googlegroups.com. >>>>>> To post to this group, send email to cfau...@googlegroups.com. >>>>>> Visit this group at http://groups.google.com/group/cfaussie. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "cfaussie" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to cfaussie+unsubscr...@googlegroups.com. >>>> To post to this group, send email to cfaussie@googlegroups.com. >>>> Visit this group at http://groups.google.com/group/cfaussie. >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "cfaussie" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to cfaussie+unsubscr...@googlegroups.com. >>> To post to this group, send email to cfaussie@googlegroups.com. >>> Visit this group at http://groups.google.com/group/cfaussie. >>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "cfaussie" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cfaussie+unsubscr...@googlegroups.com. >> To post to this group, send email to cfaussie@googlegroups.com. >> Visit this group at http://groups.google.com/group/cfaussie. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cfaussie+unsubscr...@googlegroups.com. > To post to this group, send email to cfaussie@googlegroups.com. > Visit this group at http://groups.google.com/group/cfaussie. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To unsubscribe from this group and stop receiving emails from it, send an email to cfaussie+unsubscr...@googlegroups.com. To post to this group, send email to cfaussie@googlegroups.com. Visit this group at http://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout.
