Link to home
Create AccountLog in
Avatar of Michael Robinson
Michael RobinsonFlag for United States of America

asked on

Why does using <cflocation url="webpage.cfm" addtoken="no"> lose the CFID and CFtoken

Hi CF Gurus,

When I use the <cflocation> tag to take a visitor to a different page, I lose the CFID and CFToken and a new one is assigned. Plus it seems like a new session is started and the session variables are reset.

That's if I set addtoken="no"

But if I set addtoken="yes"  I keep the original CFID and CFtoken.

Why is this?  Is there a way around it?  Perhaps some setting in cfadmin.

I just need to understand what is happening.

Thanks in advance for your advice.

Michael
ASKER CERTIFIED SOLUTION
Avatar of gdemaria
gdemaria
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Michael Robinson

ASKER

So here is what I have in the application.cfm

<cfapplication name="QESDB"
        clientmanagement="Yes"
        sessionmanagement="Yes"
        setclientcookies="No"
        setdomaincookies="Yes"
        sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
        applicationtimeout="#CreateTimeSpan(1,0,0,0)#">

I had to set client cookies to no when I added some sub domains.  Does that make sense?

When we added the sub domains we were losing session variables as we crossed into the sub domains.  

Perhaps we did not have it set correctly.

To compensate I added this to the application.cfm:

<cfcookie name="CFID" value="#Session.CFID#" expires="never" domain="#CookieDomain#">
<cfcookie name="CFToken" value="#Session.CFToken#" expires="never" domain="#CookieDomain#">

That seemed to work, but perhaps it was a bad work around.
> I had to set client cookies to no when I added some sub domains.  Does that make sense?


I don't really understand that, why was that necessary.   My site runs 6 different subdomains and I haven't had a problem.

I think you need client cookies set to Yes..

  setclientcookies="No"

This should handle your domain level cookies, so you can remove your cfcookie code

        setdomaincookies="Yes"
ok, i will try that later tonight when things slow down.

Do you think this will work:

<cfapplication name="QESDB"
        clientmanagement="Yes"
        sessionmanagement="Yes"
        setclientcookies="Yes"
        setdomaincookies="Yes"
        sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
        applicationtimeout="#CreateTimeSpan(1,0,0,0)#">


it is much different form than your example:

<cfset this.name = "myWebsite">
  <cfset this.applicationTimeout = createTimeSpan(0,4,0,0)>
  <cfset this.sessionManagement = true>
  <cfset this.setClientCookies  = true>
  <cfset this.sessionTimeout    = createTimeSpan(0,0,90,0)>
  <cfset this.setdomaincookies  = true>
The only difference between the two of those is that you have included

 clientmanagement="Yes"

in your application.cfm file.    

I would suggest saying "no" to this so that you are not tempted to use client variables (variables with the client. scope).    It's my personal opinion that these are useless variables, they are restricted in the data types and limited in size as they store the values in the computer's registry (dangerous).  Client scoped variables are easily replaced by either session scoped variables or cookies - so I don't see the point in them.

Other than that, our setup is the same.
do u actually use the cfapplication tag?

It seems with my set up, all of the setting s fit within the cfapplication tag whereas in your's, each setting is is in a cfset tag?

I ask because when we added sub domains, we could not get session variables to traverse the sub domains.  We spent 2-3 days trying all sorts of things.  Even the guy who hosts my server was at a loss.

Basically I noticed that the cookies for cfid / cftoken were not being written by coldfusion.

Thus I just wrote my own via the code in the application.cfm

It has worked for 9 months now.  But I worry that my work around may not be robust and would like to let cold fusion administer it's own cookies.

Hope that is not too confusing.
> do u actually use the cfapplication tag?

I am using application.cfc, the format is different, but the settings mean the same thing

> I ask because when we added sub domains, we could not get session variables to traverse the sub domains

Hmm, that is curious.  this setting did it for me... I have never had a problem  
 
   setdomaincookies="Yes"

I would create a page that dumps the session variables and cookies and view this page from the same browser, navigating to different sub domains, see what changes..
I've still left the old cfapplication settings in place because I can't risk breaking the web site right now.

I only have my laptop for development and the production server, with no test server that is identical to the production server.

I do need to study this more and sort out the client variable issues you mentioned.  

But that's all for a later date as I am close to getting a new product out the door, and that is my one and only focus.

Thx for all your help gdemaria