Michael Robinson
asked on
Why does using <cflocation url="webpage.cfm" addtoken="no"> lose the CFID and CFtoken
Hi CF Gurus,
When I use the <cflocation> tag to take a visitor to a different page, I lose the CFID and CFToken and a new one is assigned. Plus it seems like a new session is started and the session variables are reset.
That's if I set addtoken="no"
But if I set addtoken="yes" I keep the original CFID and CFtoken.
Why is this? Is there a way around it? Perhaps some setting in cfadmin.
I just need to understand what is happening.
Thanks in advance for your advice.
Michael
When I use the <cflocation> tag to take a visitor to a different page, I lose the CFID and CFToken and a new one is assigned. Plus it seems like a new session is started and the session variables are reset.
That's if I set addtoken="no"
But if I set addtoken="yes" I keep the original CFID and CFtoken.
Why is this? Is there a way around it? Perhaps some setting in cfadmin.
I just need to understand what is happening.
Thanks in advance for your advice.
Michael
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
> I had to set client cookies to no when I added some sub domains. Does that make sense?
I don't really understand that, why was that necessary. My site runs 6 different subdomains and I haven't had a problem.
I think you need client cookies set to Yes..
setclientcookies="No"
This should handle your domain level cookies, so you can remove your cfcookie code
setdomaincookies="Yes"
I don't really understand that, why was that necessary. My site runs 6 different subdomains and I haven't had a problem.
I think you need client cookies set to Yes..
setclientcookies="No"
This should handle your domain level cookies, so you can remove your cfcookie code
setdomaincookies="Yes"
ASKER
ok, i will try that later tonight when things slow down.
Do you think this will work:
<cfapplication name="QESDB"
clientmanagement="Yes"
sessionmanagement="Yes"
setclientcookies="Yes"
setdomaincookies="Yes"
sessiontimeout="#CreateTim eSpan(0,2, 0,0)#"
applicationtimeout="#Creat eTimeSpan( 1,0,0,0)#" >
it is much different form than your example:
<cfset this.name = "myWebsite">
<cfset this.applicationTimeout = createTimeSpan(0,4,0,0)>
<cfset this.sessionManagement = true>
<cfset this.setClientCookies = true>
<cfset this.sessionTimeout = createTimeSpan(0,0,90,0)>
<cfset this.setdomaincookies = true>
Do you think this will work:
<cfapplication name="QESDB"
clientmanagement="Yes"
sessionmanagement="Yes"
setclientcookies="Yes"
setdomaincookies="Yes"
sessiontimeout="#CreateTim
applicationtimeout="#Creat
it is much different form than your example:
<cfset this.name = "myWebsite">
<cfset this.applicationTimeout = createTimeSpan(0,4,0,0)>
<cfset this.sessionManagement = true>
<cfset this.setClientCookies = true>
<cfset this.sessionTimeout = createTimeSpan(0,0,90,0)>
<cfset this.setdomaincookies = true>
The only difference between the two of those is that you have included
clientmanagement="Yes"
in your application.cfm file.
I would suggest saying "no" to this so that you are not tempted to use client variables (variables with the client. scope). It's my personal opinion that these are useless variables, they are restricted in the data types and limited in size as they store the values in the computer's registry (dangerous). Client scoped variables are easily replaced by either session scoped variables or cookies - so I don't see the point in them.
Other than that, our setup is the same.
clientmanagement="Yes"
in your application.cfm file.
I would suggest saying "no" to this so that you are not tempted to use client variables (variables with the client. scope). It's my personal opinion that these are useless variables, they are restricted in the data types and limited in size as they store the values in the computer's registry (dangerous). Client scoped variables are easily replaced by either session scoped variables or cookies - so I don't see the point in them.
Other than that, our setup is the same.
ASKER
do u actually use the cfapplication tag?
It seems with my set up, all of the setting s fit within the cfapplication tag whereas in your's, each setting is is in a cfset tag?
I ask because when we added sub domains, we could not get session variables to traverse the sub domains. We spent 2-3 days trying all sorts of things. Even the guy who hosts my server was at a loss.
Basically I noticed that the cookies for cfid / cftoken were not being written by coldfusion.
Thus I just wrote my own via the code in the application.cfm
It has worked for 9 months now. But I worry that my work around may not be robust and would like to let cold fusion administer it's own cookies.
Hope that is not too confusing.
It seems with my set up, all of the setting s fit within the cfapplication tag whereas in your's, each setting is is in a cfset tag?
I ask because when we added sub domains, we could not get session variables to traverse the sub domains. We spent 2-3 days trying all sorts of things. Even the guy who hosts my server was at a loss.
Basically I noticed that the cookies for cfid / cftoken were not being written by coldfusion.
Thus I just wrote my own via the code in the application.cfm
It has worked for 9 months now. But I worry that my work around may not be robust and would like to let cold fusion administer it's own cookies.
Hope that is not too confusing.
> do u actually use the cfapplication tag?
I am using application.cfc, the format is different, but the settings mean the same thing
> I ask because when we added sub domains, we could not get session variables to traverse the sub domains
Hmm, that is curious. this setting did it for me... I have never had a problem
setdomaincookies="Yes"
I would create a page that dumps the session variables and cookies and view this page from the same browser, navigating to different sub domains, see what changes..
I am using application.cfc, the format is different, but the settings mean the same thing
> I ask because when we added sub domains, we could not get session variables to traverse the sub domains
Hmm, that is curious. this setting did it for me... I have never had a problem
setdomaincookies="Yes"
I would create a page that dumps the session variables and cookies and view this page from the same browser, navigating to different sub domains, see what changes..
ASKER
I've still left the old cfapplication settings in place because I can't risk breaking the web site right now.
I only have my laptop for development and the production server, with no test server that is identical to the production server.
I do need to study this more and sort out the client variable issues you mentioned.
But that's all for a later date as I am close to getting a new product out the door, and that is my one and only focus.
Thx for all your help gdemaria
I only have my laptop for development and the production server, with no test server that is identical to the production server.
I do need to study this more and sort out the client variable issues you mentioned.
But that's all for a later date as I am close to getting a new product out the door, and that is my one and only focus.
Thx for all your help gdemaria
ASKER
<cfapplication name="QESDB"
clientmanagement="Yes"
sessionmanagement="Yes"
setclientcookies="No"
setdomaincookies="Yes"
sessiontimeout="#CreateTim
applicationtimeout="#Creat
I had to set client cookies to no when I added some sub domains. Does that make sense?
When we added the sub domains we were losing session variables as we crossed into the sub domains.
Perhaps we did not have it set correctly.
To compensate I added this to the application.cfm:
<cfcookie name="CFID" value="#Session.CFID#" expires="never" domain="#CookieDomain#">
<cfcookie name="CFToken" value="#Session.CFToken#" expires="never" domain="#CookieDomain#">
That seemed to work, but perhaps it was a bad work around.