Avatar of masterorb
masterorb asked on

client variables will not work in ColdFusion on IE

Hi all, I hope someone can help: ColdFusion client variables will simply NOT work for me in Internet Explorer!!

I am attempting to use them to save user logins. Things to note:

1) This is on ColdFusion MX 7,0,2,142559 , Standard edition, running on UNIX  
2) This is an old website we're talking about, and instead of using Application.cfc, it uses the old Application.cfm with a <cfapplication> tag.
3) I am viewing the page with Internet Explorer 7.0.5730.11 on a PC.
4) I have my security set to the lowest setting (accept all cookies) to make sure it isn't blocking the client vars for some reason.

Settings in the CF Administrator:
1) The DEFAULT storage mechanism for client variables is a datasource. However, I couldn't get storage working in this datasource (see another problem, https://www.experts-exchange.com/Software/Server_Software/Web_Servers/ColdFusion/Q_24091360.html), so for this application I set the clientstorage parameter to "cookie" to override this default.  If I go into the administrator and set the default to cookie there as well, I still get the problem.
2) Purge Interval for client variables = 1hr 7mins (default).
3) Registry is set to Purge data for clients that remain unvisited for 90 days (default).
4)  global client variable updates  are disabled.
5) J2EE Session variables are enabled

Client variables DO work (or at least, they pass my very simple test) in Firefox [Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:].
The person I found who had the most similar problem is here:


His client variables didn't work anywhere, not just for a specific browser, and basically everyone said "wow" and told him to reinstall the server, which worked. But that was in 2005. I don't know what the story is now.


Listing 1: Application code
	name="my_company" applicationtimeout=#CreateTimeSpan(0, 2, 0, 0)# 
	clientmanagement = "yes" clientstorage="cookie" setclientcookies = "yes"	
	setdomaincookies = "no"
	sessionManagement = "yes" sessionTimeout=#CreateTimeSpan(0,0,20,0)# loginstorage="cookie"
	scriptProtect = "all">
<!--- **** Line-by-line explanation ****
	1. The application's name is my_company; it times out in 2 days.
	2. Client variables are enabled; they are stored as a cookies on the user's browser; they
SHOULD be stored in a data source but I get an error every time this 
happens (this is a separate problem; see above)
       2a.On the client side, client variables are set in users' browsers as cookies; they should 
not be, but passing CFID and CFTOKEN data manually through links is not working (another 
problem; I guess I'll ask about it later)
	3. Setdomaincookies is only meaningful for a clustered environment and is turned off.
	4. Session variables are enabled for login; they time out in 20 minutes; login storage is
 handled in cookies. (I left this as the default, taking my cue from Ben Nadel, whose blog is 
really good: http://www.bennadel.com/blog/726-ColdFusion-Application-cfc-Tutorial-And-Application-cfc-Reference.htm 
. Ben says: "I have never used [loginstorage], so I am not exactly sure what that means. 
Defaults to cookie." I know that by setting cookie here I am giving up my goal of enabling logins 
for users without cookies, but I am willing to work with that for now--I wanted to leave this as 
is to not rock the boat with the MAIN problem.)
	5. Built-in XSS protection is turned on
Listing 2: simple test code
<!--- if you didn't set the dummy client variable --->
<cfif NOT isDefined("CLIENT.dummy")>
       <!--- set it (inside a lock, to be safe) --->
	<cflock timeout=20 scope="CLIENT" type="Exclusive">
		<cfset CLIENT.dummy = 1>
       <!--- output that you've set it --->
	client var set<br>
	<cfdump var="#CLIENT#"><br>
<!--- if you DID set it --->
        <!--- output it --->
	<cfdump var="#CLIENT#"><br>
	client var output<br>

Open in new window

Web ServersColdFusion LanguageWeb Applications

Avatar of undefined
Last Comment

8/22/2022 - Mon

what about trying to set a cookie using cfcookie; does that work?

Good idea! I tried that with the attached code--didn't work. I tried before with cookie scope instead of client scope but before, I just did a cfset, not cfcookie, thought maybe it would be different. Does the code look alright?

<cfif NOT isDefined("COOKIE.dummy")>
	<cfcookie expires="never" name="dummy" value="Hi, I am a test cookie">
	Cookie var set<br>
	<cfdump var="#COOKIE#"><br>
	<cfdump var="#COOKIE#"><br>
	Cookie var output<br>

Open in new window


Also please note-- my other problem with storing client vars in a database got solved here:


So now client vars *are being stored in a database* instead of as cookies, but that hasn't fixed the problem.

Thank you!
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

Note: I solved this problem. It was related to another problem I posted and this question should be deleted.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question