There is a potential problem with cookies that have an effect on ColdFusion applications and while I have one fix, I'm hoping that there are other fixes. Lets say you have a site (www.site.com) which has a number of subsites (www1.site.com, www2.site.com). A cfapplication tag will assign different cookies for the cfid/cftoken per site. Lets say that after some development the cfapplication tag now sets domain cookies. This means that www, www1, and www2 should all have the same cfid/cftoken as they are the same domain (site.com). Here's the problem: I have a case where the www1 cfid/cftoken cookies exist as well as the domain cookies. When ColdFusion comes to a page with this duplicate cfid/cftoken cookies, it uses the more specific one (www1) rather than the expected domain cookie. Is there any way to force ColdFusion's session to be based on the domain cookie rather than the site specific one?
My solution is to detect if there are 2 cfid cookies available for the page and delete the site specific one using cfcookie expire=now. The problem with this is that it does not delete the 'root' cookie and the next time the same page is loaded, the duplicate cookies exist and have to be dealt with. Any ideas here? Michael Dinowitz President: House of Fusion (http://www.houseoffusion.com) Publisher: Fusion Authority (http://www.fusionauthority.com) Adobe Community Expert / Advanced Certified ColdFusion Professional ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Enterprise web applications, build robust, secure scalable apps today - Try it now ColdFusion Today ColdFusion 8 beta - Build next generation apps Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285380 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
