Yes. If it were me, I would turn "setClientCookies=false" in the Applciation.cfc|cfm and then set them manually using:
<cfcookie name="cfid" value="#session.cfid#" secure=true/> <cfcookie name="cftoken" value="#session.cftoken#" secure=true/> If you google around a bit you can probably find some sample code for doing this. If you are using JSessionIDs (not cfid/cftoken) you'll be just setting that cookie but I would expect it to work in that case as well. Whole you're at it you might also pop open Chrome debugging or the like and verify that those are the only cookies being sent, just to make sure you don't have something else that trips you up. -Cameron On Tue, Mar 6, 2012 at 1:47 PM, Robert Rhodes <rrhode...@gmail.com> wrote: > > Ok, I am going to try to make the site work all ssl. I am concerned about > the video streaming over ssl, but I guess we will see how it goes. > > On a related subject: is there a way to make the jsessionid cookie secure > without making the jrun change? I ask because doing so affects all sites > on the server, and I had planed to run other sites on this particular > server. > > On Tue, Mar 6, 2012 at 12:59 PM, Cameron Childress <camer...@gmail.com > >wrote: > > > > > On Tue, Mar 6, 2012 at 11:55 AM, Robert Rhodes <rrhode...@gmail.com> > > wrote: > > > > > I hear you, but there are issues preventing me from going all https. > > It's > > > a long story. > > > > > > Is there a way to copy, with some code in the application.cfm, the > > > jsessionid between http and https so we don't lose the session state? > > > > > > > You could make this work, but then you would be exactly where you > currently > > are, and would again fail the PCI audit. I know you are looking for a > > "quick answer", but there isn't really a great easy option here. Many > shops > > spend literally months getting compliant, so this code change really > > doesn't seem so huge in comparison, even though I know if feel like it > is. > > > > You best solution, in the long term as well as the short run, is to make > > the code changes and just spend the time and money on it so it's right. > > > > -Cameron > > > > -- > > Cameron Childress > > -- > > p: 678.637.5072 > > im: cameroncf > > facebook <http://www.facebook.com/cameroncf> | > > twitter<http://twitter.com/cameronc> | > > google+ <https://profiles.google.com/u/0/117829379451708140985> > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350283 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
