To
make sure that CF doesn't write CFID/CFTOKEN cookies, all you should have to do
is add
setclientcookies="No"
in
your <CFAPPLICATION ...> tag.
Have
you already tried this?
Did it
work?
Regards
Darren
Tracey
--------Original Message-----Hi,
From: Laszlo Simity [mailto:[EMAIL PROTECTED]
Sent: Friday, 14 May 2004 9:41 AM
To: CFAussie Mailing List
Subject: [cfaussie] Big MX Problems
We're just trying to migrate to MX from 5. We're having some problems with session management.
Our site does not use cookies for session management - rather a unique identifier (not the CFID/CFTOKEN pair) is sent through the URL. Now, in 5, Coldfusion would still set (probably our own fault here, but this is beside the point :)), a cookie with the CFID/CFTOKEN.
What we would do is say:
Is there a URL identifier?
yes:
Do some work here to make sure CfApplication will know it's an existing session
no:
Set the cookies to blank
Call cfapplication - which will create a new CFID/CFTOKEN and session
This still works to an extent. We no longer generate cookies, and therefore for new users with a fresh browser, this still works. However, if you already have a CFID/CFTOKEN set in your browser from our site, MX creates a session in the "no" case above, to the values in your cookie. What's worse is that if the cookie is blank, it creatse a session with a blank CFID/CFTOKEN pair. What this means is that in testing, we had the entire company using one session (as we all had CFID/CFTOKEN cookies that were blank). This seems like a pretty serious bug at least.
Obviously as some sort of "release task", we need to delete these cookies from peoples' browsers. Or better yet, have ColdFusion ignore blank cookie values - or preferably cookies totally in the call to cfapplication. I am unable to find any documentation that suggests anything like this is possible.
Whilst I can test for the cookie key existence, then redirect to a page that deletes the cookies and meta refreshes back to the index.cfm, we have non-browser http clients that access our site via form submission, so this isn't necessarily an option.
Anyone have an ideas?
Thanks
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia
http://www.mxdu.com/ + 24-25 February, 2004
