Not a dumb question at all. As dumb a mistake as that is, I've done it many times.
However, in this case, I've cleared the cookies and checked multiple browsers. What has changed - and I should have mentioned this before - is that the CFID and CFTOKEN cookies are no longer http-only. However, the jsessionid is still http-only. Guess I could turn off the use of jsessions, but obviously I'd rather not do that. On Mon, Oct 7, 2013 at 10:48 AM, Dave Watts <dwa...@figleaf.com> wrote: > > > I've tried your suggestions, and (assuming I'm changing the correct > files), > > the cookies are still httpOnly. > > This may be a dumb question, but have you cleared your browser's > cookies before retesting? > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsite. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356890 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
