Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Setting and retrieving the value of a cfcookie

Posted on 2009-05-07
9
Medium Priority
?
533 Views
Last Modified: 2013-12-24
I am trying to set a cookie and retrieve its value on another page.  For some reason it is not working. please examine my code and help me understand why.

Thanks in advance.
WHERE THE COOKIE IS SET........
<cfoutput>
               <cfset algorithm = "BLOWFISH">
	<cfset encoding = "HEX">
	<cfset cookieUsername = "#FORM.username#">
	<cfset cookiePassword = "#FORM.password#">
	<cfset cookieKey = generateSecretKey("#algorithm#")>
	<cfset cookiePasswordEncrypted= encrypt("#cookiePassword#", "#cookieKey#", "#algorithm#", "#encoding#")>
	<cfset cookiePasswordDecrypted=decrypt("#cookiePasswordEncrypted#", "#cookieKey#", "#algorithm#", "#encoding#")>
	<cfcookie name="username" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >
	<cfcookie name="passwordEncrypted" value="#cookiePasswordEncrypted#" expires="#DateAdd("n",20,NOW())#" >
	<cfcookie name="key" value="#cookieKey#" expires="#DateAdd("n",20,NOW())#">
</cfoutput>
 
 
WHERE THE COOKIES IS CALLED ON ANOTHER PAGE....
						<cfif isDefined("cookie.username")>
							Username::  <cfoutput>#cookie.username#</cfoutput>
						<cfelse>
							Cookie is NOT defined
						</cfif>

Open in new window

0
Comment
Question by:onaled777
  • 5
  • 3
9 Comments
 
LVL 63

Accepted Solution

by:
Zvonko earned 1600 total points
ID: 24328817
The cookie scopes are defined in Realms.
One relam is the folder level from web server root and all subfolders from that level.

If you want to be on the secure side to get allways all cookies from every folder level then set the cooke path to web server root folder, that is the single forward slash:
path="/"


<cfcookie name="username" path="/" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >

Open in new window

0
 

Author Comment

by:onaled777
ID: 24329381
Oddly enough adding the path="/" threw an error on my  page.

Nevertheless, the objective is to create a global cookie...one that is accessed from several domains.  

If you could throw some light on that too it would be appreciated.
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 24329451
Several domains will ONLY work IF one common domain level exist.
Otherwise sharing cookies betwean domains is not possible.
The common domain means this:
You have three servers:
www1.company.com
www2.company.com
www3.company.com

Then the domain part of the cookie is: .company.com

If you have:
www1.dev.company.com
www2.app.company.com
www3.app.company.com

Then two levels would also work: .app.company.com

But what never will work is this:
www.company1.com
www.company2.com
www.company3.com

You have no common domain part and therefore no cookie sharing.
No cookie sharing also for web servers without domain name or IP addressing.



0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 63

Expert Comment

by:Zvonko
ID: 24329542
And you are right, for some strange reasons needs path= also the domain= attribute:
<cfcookie name="username" path="/" domain="" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >

Open in new window

0
 
LVL 63

Expert Comment

by:Zvonko
ID: 24329553
Of course better is to put your real domain suffix there:
<cfcookie name="username" path="/" domain=".yourdomain.com" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >

Open in new window

0
 

Author Comment

by:onaled777
ID: 24330499
I have made the changes as you suggested yet I am still having trouble assessing the simple string::

#cfcookie.username#

from the index page of press.mydomain.com.

Any direction you can provide would be appreciated.
	<cfset algorithm = "BLOWFISH">
	<cfset encoding = "HEX">
	<cfset cookieUsername = "#FORM.username#">
	<cfset cookiePassword = "#FORM.password#">
	<cfset cookieKey = generateSecretKey("#algorithm#")>
	<cfset cookiePasswordEncrypted= encrypt("#cookiePassword#", "#cookieKey#", "#algorithm#", "#encoding#")>
	<cfset cookiePasswordDecrypted=decrypt("#cookiePasswordEncrypted#", "#cookieKey#", "#algorithm#", "#encoding#")>
	<cfcookie name="username" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" path="/" domain=".mydomain.com">
	<cfcookie name="passwordEncrypted" value="#cookiePasswordEncrypted#" expires="#DateAdd("n",20,NOW())#" path="/" domain=".mydomain.com">
	<cfcookie name="key" value="#cookieKey#" expires="#DateAdd("n",20,NOW())#" path="/" domain=".mydomain.com">

Open in new window

0
 
LVL 63

Expert Comment

by:Zvonko
ID: 24331088
It works for me when I put domain like this:
        <cfcookie name="username" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" path="/" domain="">
        <cfcookie name="passwordEncrypted" value="#cookiePasswordEncrypted#" expires="#DateAdd("n",20,NOW())#" path="/" domain="">
        <cfcookie name="key" value="#cookieKey#" expires="#DateAdd("n",20,NOW())#" path="/" domain="">

Open in new window

0
 
LVL 27

Assisted Solution

by:azadisaryev
azadisaryev earned 400 total points
ID: 24332740
it works just fine for me without path or domain attributes on localhost...

make sure you DO NOT have a <cflocation> tag in same page that sets your cookies...


PS: iirc, path and domain attribs only useful for secure cookies, i.e. over SSL connection... and yes, they both must be specified.

Azadi
0
 

Author Comment

by:onaled777
ID: 24335803
thank you very much...I figured out that the code was simply located in the wrong branch of an if statement.  
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Integration Management Part 2
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question