Solved

Setting and retrieving the value of a cfcookie

Posted on 2009-05-07
9
517 Views
Last Modified: 2013-12-24
I am trying to set a cookie and retrieve its value on another page.  For some reason it is not working. please examine my code and help me understand why.

Thanks in advance.
WHERE THE COOKIE IS SET........

<cfoutput>

               <cfset algorithm = "BLOWFISH">

	<cfset encoding = "HEX">

	<cfset cookieUsername = "#FORM.username#">

	<cfset cookiePassword = "#FORM.password#">

	<cfset cookieKey = generateSecretKey("#algorithm#")>

	<cfset cookiePasswordEncrypted= encrypt("#cookiePassword#", "#cookieKey#", "#algorithm#", "#encoding#")>

	<cfset cookiePasswordDecrypted=decrypt("#cookiePasswordEncrypted#", "#cookieKey#", "#algorithm#", "#encoding#")>

	<cfcookie name="username" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >

	<cfcookie name="passwordEncrypted" value="#cookiePasswordEncrypted#" expires="#DateAdd("n",20,NOW())#" >

	<cfcookie name="key" value="#cookieKey#" expires="#DateAdd("n",20,NOW())#">

</cfoutput>
 
 

WHERE THE COOKIES IS CALLED ON ANOTHER PAGE....

						<cfif isDefined("cookie.username")>

							Username::  <cfoutput>#cookie.username#</cfoutput>

						<cfelse>

							Cookie is NOT defined

						</cfif>

Open in new window

0
Comment
Question by:onaled777
  • 5
  • 3
9 Comments
 
LVL 63

Accepted Solution

by:
Zvonko earned 400 total points
Comment Utility
The cookie scopes are defined in Realms.
One relam is the folder level from web server root and all subfolders from that level.

If you want to be on the secure side to get allways all cookies from every folder level then set the cooke path to web server root folder, that is the single forward slash:
path="/"


<cfcookie name="username" path="/" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >

Open in new window

0
 

Author Comment

by:onaled777
Comment Utility
Oddly enough adding the path="/" threw an error on my  page.

Nevertheless, the objective is to create a global cookie...one that is accessed from several domains.  

If you could throw some light on that too it would be appreciated.
0
 
LVL 63

Expert Comment

by:Zvonko
Comment Utility
Several domains will ONLY work IF one common domain level exist.
Otherwise sharing cookies betwean domains is not possible.
The common domain means this:
You have three servers:
www1.company.com
www2.company.com
www3.company.com

Then the domain part of the cookie is: .company.com

If you have:
www1.dev.company.com
www2.app.company.com
www3.app.company.com

Then two levels would also work: .app.company.com

But what never will work is this:
www.company1.com
www.company2.com
www.company3.com

You have no common domain part and therefore no cookie sharing.
No cookie sharing also for web servers without domain name or IP addressing.



0
 
LVL 63

Expert Comment

by:Zvonko
Comment Utility
And you are right, for some strange reasons needs path= also the domain= attribute:
<cfcookie name="username" path="/" domain="" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >

Open in new window

0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 63

Expert Comment

by:Zvonko
Comment Utility
Of course better is to put your real domain suffix there:
<cfcookie name="username" path="/" domain=".yourdomain.com" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" >

Open in new window

0
 

Author Comment

by:onaled777
Comment Utility
I have made the changes as you suggested yet I am still having trouble assessing the simple string::

#cfcookie.username#

from the index page of press.mydomain.com.

Any direction you can provide would be appreciated.
	<cfset algorithm = "BLOWFISH">

	<cfset encoding = "HEX">

	<cfset cookieUsername = "#FORM.username#">

	<cfset cookiePassword = "#FORM.password#">

	<cfset cookieKey = generateSecretKey("#algorithm#")>

	<cfset cookiePasswordEncrypted= encrypt("#cookiePassword#", "#cookieKey#", "#algorithm#", "#encoding#")>

	<cfset cookiePasswordDecrypted=decrypt("#cookiePasswordEncrypted#", "#cookieKey#", "#algorithm#", "#encoding#")>

	<cfcookie name="username" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" path="/" domain=".mydomain.com">

	<cfcookie name="passwordEncrypted" value="#cookiePasswordEncrypted#" expires="#DateAdd("n",20,NOW())#" path="/" domain=".mydomain.com">

	<cfcookie name="key" value="#cookieKey#" expires="#DateAdd("n",20,NOW())#" path="/" domain=".mydomain.com">

Open in new window

0
 
LVL 63

Expert Comment

by:Zvonko
Comment Utility
It works for me when I put domain like this:
        <cfcookie name="username" value="#cookieUsername#" expires="#DateAdd("n",20,NOW())#" path="/" domain="">

        <cfcookie name="passwordEncrypted" value="#cookiePasswordEncrypted#" expires="#DateAdd("n",20,NOW())#" path="/" domain="">

        <cfcookie name="key" value="#cookieKey#" expires="#DateAdd("n",20,NOW())#" path="/" domain="">

Open in new window

0
 
LVL 27

Assisted Solution

by:azadisaryev
azadisaryev earned 100 total points
Comment Utility
it works just fine for me without path or domain attributes on localhost...

make sure you DO NOT have a <cflocation> tag in same page that sets your cookies...


PS: iirc, path and domain attribs only useful for secure cookies, i.e. over SSL connection... and yes, they both must be specified.

Azadi
0
 

Author Comment

by:onaled777
Comment Utility
thank you very much...I figured out that the code was simply located in the wrong branch of an if statement.  
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now