RE: CFLogout confusion
Yes, I believe so. www is a 'subdomain', albeit a standard one, just like any other 'subdomain' (whatever.mysite.com for example) and each one represents a potentially different domain and therefore a different session. I've experienced this too, but in a positive way. When I did a site for a client, the requirement was to create 'affiliate' sites like this:

Affiliate1.mysite.com
Affiliate2.mysite.com

And so on. This worked to my advantage of course: if someone was on affiliate1's site and logged in and doing something, they should not be logged into affiliate2's site and vice versa.

Dave Phillips

-Original Message-
From: Stefan Richter [mailto:ste...@flashcomguru.com]
Sent: Tuesday, November 10, 2009 8:03 AM
To: cf-talk
Subject: CFLogout confusion

I'm using cflogin and cflogout on my site. A user is logged into http://www.mysite.com and then clicks log out. I run cflogout and redirect her to http://mysite.com (note I missed the www off). There seems to be some kind of double session going on when I previously logged into http://www.mysite.com as well as http://mysite.com because after the logout I still seem to be logged in as the user who previously logged into the other respective site (of course there is only one site). I hope this makes sense. Is this expected behaviour?

Stefan

~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:328175
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFLogout confusion
What Stefan said is true. Also, as a general rule I would pick either http://www.mysite.com or http://mysite.com for your site and 301 redirect the one that you're not using to the domain that you are using, as search engines will typically see the two sites as being two different websites and therefore they'll index both of them. This is really bad for SEO purposes as search engines see this as being duplicate content. : )

Paul Alkema
Application Developer
http://www.alkemadesigns.com/

On Tue, Nov 10, 2009 at 9:03 AM, Stefan Richter ste...@flashcomguru.com wrote:

> I'm using cflogin and cflogout on my site. A user is logged into http://www.mysite.com and then clicks log out. I run cflogout and redirect her to http://mysite.com (note I missed the www off). There seems to be some kind of double session going on when I previously logged into http://www.mysite.com as well as http://mysite.com because after the logout I still seem to be logged in as the user who previously logged into the other respective site (of course there is only one site). I hope this makes sense. Is this expected behaviour?
>
> Stefan
Re: CFLogout confusion
> Yes, I believe so. www is a 'subdomain', albeit a standard one, just like any other 'subdomain' (whatever.mysite.com for example) and each one represents a potentially different domain and therefore a different session.

While you're correct on the important parts, www (in this case at least) is not a subdomain, it's a host name. A subdomain is a domain within a larger domain. For example, in the domain figleaf.com, I have hosts www and training, and you can get to those via HTTP. I also have a subdomain, gsa.figleaf.com, which contains its own hosts. To describe this even more accurately, figleaf.com is a subdomain of .com, and gsa.figleaf.com is a subdomain of figleaf.com.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information
Re: CFLogout confusion
By default CF sets the cookie in only the domain it is on.mydomain.com

But cfcookie does not let you set the domain name for the cookie. So you couldn't use the cookies session across sub domains. eg one.mydomain.com

I have had situations where I had to overwrite the session cookies that CF sets on each request with cfheader, that way I could specify the .subdomain. This also allows you to use the HTTPOnly flag.

<!--- Re-issue CF's session cookies with an explicit domain and the HTTPOnly flag --->
<cfheader name="Set-Cookie" value="CFID=#SESSION.CFID#;path=/;domain=.mydomain.com;expires=MON, 21-Dec-2009 00:00:00 GMT;HTTPOnly;" />
<cfheader name="Set-Cookie" value="CFTOKEN=#SESSION.CFTOKEN#;path=/;domain=.mydomain.com;expires=MON, 21-Dec-2009 00:00:00 GMT;HTTPOnly;" />

(note the dot in .mydomain.com)

/K
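The behaviour discussed in this thread, as an added example that is not code from any poster and not ColdFusion's implementation: a simplified model of how a browser scopes a session cookie with and without a Domain attribute, and what that means for a logout on www followed by a redirect to the bare host. Browser, Server and userAfterLogout are hypothetical names, and the hosts, IDs and user are constructed.

```javascript
// Simplified model of browser cookie scoping (RFC 6265 domain matching) and a
// server-side session store. Host names, IDs and user names are constructed.
class Browser {
  constructor() { this.cookies = []; }
  // No Domain attribute => host-only cookie; Domain=.example => that domain and hosts below it.
  setCookie(requestHost, name, value, domainAttr) {
    const hostOnly = !domainAttr;
    const domain = (domainAttr || requestHost).replace(/^\./, "").toLowerCase();
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
  }
  // Value of cookie `name` that would be attached to a request for `host`.
  cookieFor(host, name) {
    host = host.toLowerCase();
    const hit = this.cookies.find(c => c.name === name &&
      (host === c.domain || (!c.hostOnly && host.endsWith("." + c.domain))));
    return hit ? hit.value : undefined;
  }
}

class Server {
  constructor(cookieDomain) {
    this.cookieDomain = cookieDomain;   // undefined models the default host-only cookie
    this.sessions = {};                 // session id -> logged-in user
    this.nextId = 1;
  }
  login(browser, host, user) {
    let id = browser.cookieFor(host, "CFID");
    if (id === undefined) {             // no session cookie reaches this host yet
      id = String(this.nextId++);
      browser.setCookie(host, "CFID", id, this.cookieDomain);
    }
    this.sessions[id] = user;
  }
  // Logout only affects the session whose cookie the browser sent to this host.
  logout(browser, host) { delete this.sessions[browser.cookieFor(host, "CFID")]; }
  currentUser(browser, host) { return this.sessions[browser.cookieFor(host, "CFID")] || null; }
}

// Flow from the thread: log in on both host names, log out on www, land on the bare host.
function userAfterLogout(cookieDomain) {
  const browser = new Browser(), server = new Server(cookieDomain);
  server.login(browser, "mysite.com", "alice");
  server.login(browser, "www.mysite.com", "alice");
  server.logout(browser, "www.mysite.com");
  return server.currentUser(browser, "mysite.com");
}
```

With host-only cookies the function returns the still-logged-in user for mysite.com; with a cookie scoped to .mysite.com it returns null, but that cookie is then also sent to every other host under the domain.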
Re: CFLogout confusion
I think I know what subdomains are and how they work, but www. - while technically a subdomain - is attached to the same vhost/site as the straight http version. That's why I am a bit confused.

Cheers
Stefan

On 10 Nov 2009, at 15:08, Kevin Pepperman wrote:

> By default CF sets the cookie in only the domain it is on.mydomain.com
>
> But cfcookie does not let you set the domain name for the cookie. So you couldn't use the cookies session across sub domains. eg one.mydomain.com
>
> I have had situations where I had to overwrite the session cookies that CF sets on each request with cfheader, that way I could specify the .subdomain. This also allows you to use the HTTPOnly flag.
>
> <cfheader name="Set-Cookie" value="CFID=#SESSION.CFID#;path=/;domain=.mydomain.com;expires=MON, 21-Dec-2009 00:00:00 GMT;HTTPOnly;" />
> <cfheader name="Set-Cookie" value="CFTOKEN=#SESSION.CFTOKEN#;path=/;domain=.mydomain.com;expires=MON, 21-Dec-2009 00:00:00 GMT;HTTPOnly;" />
>
> (note the dot in .mydomain.com)
>
> /K