client variables will not work in ColdFusion on IE
Hi all, I hope someone can help: ColdFusion client variables will simply NOT work for me in Internet Explorer!!
I am attempting to use them to save user logins. Things to note:
1) This is on ColdFusion MX 7,0,2,142559 , Standard edition, running on UNIX
2) This is an old website we're talking about, and instead of using Application.cfc, it uses the old Application.cfm with a <cfapplication> tag.
3) I am viewing the page with Internet Explorer 7.0.5730.11 on a PC.
4) I have my security set to the lowest setting (accept all cookies) to make sure it isn't blocking the client vars for some reason.
Settings in the CF Administrator:
1) The DEFAULT storage mechanism for client variables is a datasource. However, I couldn't get storage working in this datasource (see another problem, https://www.experts-exchange.com/Software/Server_Software/Web_Servers/ColdFusion/Q_24091360.html), so for this application I set the clientstorage parameter to "cookie" to override this default. If I go into the administrator and set the default to cookie there as well, I still get the problem.
2) Purge Interval for client variables = 1hr 7mins (default).
3) Registry is set to Purge data for clients that remain unvisited for 90 days (default).
4) global client variable updates are disabled.
5) J2EE Session variables are enabled
Client variables DO work (or at least, they pass my very simple test) in Firefox [Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199)].
The person I found who had the most similar problem is here:
His client variables didn't work anywhere, not just for a specific browser, and basically everyone said "wow" and told him to reinstall the server, which worked. But that was in 2005. I don't know what the story is now.
Listing 1: Application code<cfapplication name="my_company" applicationtimeout=#CreateTimeSpan(0, 2, 0, 0)# clientmanagement = "yes" clientstorage="cookie" setclientcookies = "yes" setdomaincookies = "no" sessionManagement = "yes" sessionTimeout=#CreateTimeSpan(0,0,20,0)# loginstorage="cookie" scriptProtect = "all"><!--- **** Line-by-line explanation **** 1. The application's name is my_company; it times out in 2 days. 2. Client variables are enabled; they are stored as a cookies on the user's browser; theySHOULD be stored in a data source but I get an error every time this happens (this is a separate problem; see above) 2a.On the client side, client variables are set in users' browsers as cookies; they should not be, but passing CFID and CFTOKEN data manually through links is not working (another problem; I guess I'll ask about it later) 3. Setdomaincookies is only meaningful for a clustered environment and is turned off. 4. Session variables are enabled for login; they time out in 20 minutes; login storage is handled in cookies. (I left this as the default, taking my cue from Ben Nadel, whose blog is really good: http://www.bennadel.com/blog/726-ColdFusion-Application-cfc-Tutorial-And-Application-cfc-Reference.htm . Ben says: "I have never used [loginstorage], so I am not exactly sure what that means. Defaults to cookie." I know that by setting cookie here I am giving up my goal of enabling logins for users without cookies, but I am willing to work with that for now--I wanted to leave this as is to not rock the boat with the MAIN problem.) 5. Built-in XSS protection is turned on--->Listing 2: simple test code<!--- if you didn't set the dummy client variable ---><cfif NOT isDefined("CLIENT.dummy")> <!--- set it (inside a lock, to be safe) ---> <cflock timeout=20 scope="CLIENT" type="Exclusive"> <cfset CLIENT.dummy = 1> </cflock> <!--- output that you've set it ---> client var set<br> <cfdump var="#CLIENT#"><br><!--- if you DID set it ---><cfelse> <!--- output it ---> <cfdump var="#CLIENT#"><br> client var output<br></cfif>