Link to home
Start Free TrialLog in
Avatar of masterorb

asked on

client variables will not work in ColdFusion on IE

Hi all, I hope someone can help: ColdFusion client variables will simply NOT work for me in Internet Explorer!!

I am attempting to use them to save user logins. Things to note:

1) This is on ColdFusion MX 7,0,2,142559 , Standard edition, running on UNIX  
2) This is an old website we're talking about, and instead of using Application.cfc, it uses the old Application.cfm with a <cfapplication> tag.
3) I am viewing the page with Internet Explorer 7.0.5730.11 on a PC.
4) I have my security set to the lowest setting (accept all cookies) to make sure it isn't blocking the client vars for some reason.

Settings in the CF Administrator:
1) The DEFAULT storage mechanism for client variables is a datasource. However, I couldn't get storage working in this datasource (see another problem,, so for this application I set the clientstorage parameter to "cookie" to override this default.  If I go into the administrator and set the default to cookie there as well, I still get the problem.
2) Purge Interval for client variables = 1hr 7mins (default).
3) Registry is set to Purge data for clients that remain unvisited for 90 days (default).
4)  global client variable updates  are disabled.
5) J2EE Session variables are enabled

Client variables DO work (or at least, they pass my very simple test) in Firefox [Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:].
The person I found who had the most similar problem is here:

His client variables didn't work anywhere, not just for a specific browser, and basically everyone said "wow" and told him to reinstall the server, which worked. But that was in 2005. I don't know what the story is now.


Listing 1: Application code
	name="my_company" applicationtimeout=#CreateTimeSpan(0, 2, 0, 0)# 
	clientmanagement = "yes" clientstorage="cookie" setclientcookies = "yes"	
	setdomaincookies = "no"
	sessionManagement = "yes" sessionTimeout=#CreateTimeSpan(0,0,20,0)# loginstorage="cookie"
	scriptProtect = "all">
<!--- **** Line-by-line explanation ****
	1. The application's name is my_company; it times out in 2 days.
	2. Client variables are enabled; they are stored as a cookies on the user's browser; they
SHOULD be stored in a data source but I get an error every time this 
happens (this is a separate problem; see above)
       2a.On the client side, client variables are set in users' browsers as cookies; they should 
not be, but passing CFID and CFTOKEN data manually through links is not working (another 
problem; I guess I'll ask about it later)
	3. Setdomaincookies is only meaningful for a clustered environment and is turned off.
	4. Session variables are enabled for login; they time out in 20 minutes; login storage is
 handled in cookies. (I left this as the default, taking my cue from Ben Nadel, whose blog is 
really good: 
. Ben says: "I have never used [loginstorage], so I am not exactly sure what that means. 
Defaults to cookie." I know that by setting cookie here I am giving up my goal of enabling logins 
for users without cookies, but I am willing to work with that for now--I wanted to leave this as 
is to not rock the boat with the MAIN problem.)
	5. Built-in XSS protection is turned on
Listing 2: simple test code
<!--- if you didn't set the dummy client variable --->
<cfif NOT isDefined("CLIENT.dummy")>
       <!--- set it (inside a lock, to be safe) --->
	<cflock timeout=20 scope="CLIENT" type="Exclusive">
		<cfset CLIENT.dummy = 1>
       <!--- output that you've set it --->
	client var set<br>
	<cfdump var="#CLIENT#"><br>
<!--- if you DID set it --->
        <!--- output it --->
	<cfdump var="#CLIENT#"><br>
	client var output<br>

Open in new window

Avatar of duncancumming
Flag of United Kingdom of Great Britain and Northern Ireland image

what about trying to set a cookie using cfcookie; does that work?
Avatar of masterorb


Good idea! I tried that with the attached code--didn't work. I tried before with cookie scope instead of client scope but before, I just did a cfset, not cfcookie, thought maybe it would be different. Does the code look alright?

<cfif NOT isDefined("COOKIE.dummy")>
	<cfcookie expires="never" name="dummy" value="Hi, I am a test cookie">
	Cookie var set<br>
	<cfdump var="#COOKIE#"><br>
	<cfdump var="#COOKIE#"><br>
	Cookie var output<br>

Open in new window

Also please note-- my other problem with storing client vars in a database got solved here:

So now client vars *are being stored in a database* instead of as cookies, but that hasn't fixed the problem.

Thank you!
Note: I solved this problem. It was related to another problem I posted and this question should be deleted.
Avatar of masterorb

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial