in your cflocation tags you need to use addtoken="no" otherwise this can cause problems
the IE security setting may be down to the cookie acceptance policy, I don't know why that would make a difference, but worth comparing the 2 settings to see how it differs. On Fri, Mar 7, 2014 at 12:50 AM, Money Pit <websitema...@gmail.com> wrote: > > Nope I was down to one pair, and it was the pair just generated via the > cflocation. The code was doing its job. > > Another repeatable mystery: If I turn down IE8's security from the default > of Medium-High to Medium it will always fix the problem. Same as with > Private Browsing. > > > On Thu, Mar 6, 2014 at 4:19 PM, Russ Michaels <r...@michaels.me.uk> wrote: > > > > > so if you check the cookies after running your code, is there only one > cfid > > and cftoken, or is there still 2 > > > > > > On Fri, Mar 7, 2014 at 12:17 AM, Money Pit <websitema...@gmail.com> > wrote: > > > > > > > > Well you were right I had multiple values, but problem persists. Ran > code > > > below in OnRequestEnd.cfm and verified it was doing its job as expected > > > (deleting existing cookies, page reloads with new cfid and cftoken, and > > the > > > cReset cookie keeps it from happening all over again). The code didn't > > > hurt desktops that didn't have a problem, but it didn't help the ones > > that > > > did, unfortunately. never seen anything like this... I usually don't > > mess > > > with cookies. > > > > > > <cfif not isdefined("cookie.cReset")> > > > <cfloop > > > item="name" > > > collection="#cookie#"> > > > <cfcookie > > > name="#name#" > > > value="" > > > expires="now"> > > > </cfloop> > > > <cfcookie > > > name="cReset" > > > value="1"> > > > <cflocation url="#variables.CleanURL#" addtoken="No"> > > > > > > > > > On Thu, Mar 6, 2014 at 2:22 PM, Russ Michaels <r...@michaels.me.uk> > > wrote: > > > > > > > > > > > check the cookies that have been set in the browser, there are addons > > > that > > > > will show you this. > > > > see if there are multiple cfid/cftoken cookies set. > > > > if so, that is likely the issues, and deleting all cookies should > solve > > > it. > > > > > > > > > > > > On Thu, Mar 6, 2014 at 10:09 PM, Money Pit <websitema...@gmail.com> > > > wrote: > > > > > > > > > > > > > > New site version running at http://new.lelandwest.com On some > older > > > > > browsers (XP wkstns w/IE8 are definitely vulnerable) the site will > > not > > > > > maintain state - i.e. cfid and cftoken get new values on every page > > > visit > > > > > (they're displayed on screen right now). > > > > > > > > > > It doesn't always happen, even on the same workstation... if I get > a > > > > value > > > > > to stick it will stay for the session, but I came back to one > > > workstation > > > > > this afternoon it was back to cycling cfid's again. > > > > > > > > > > Opening a private browser window will always solve the problem. > With > > > > that > > > > > in mind, whats the best way to reset cookies on session start? I > am > > > > using > > > > > application.cfm. What could cause this? Underlying CF code from > the > > > > > current site has barely changed. > > > > > > > > > > -- > > > > > --m@Robertson-- > > > > > Janitor, The Robertson Team > > > > > mysecretbase.com > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357873 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm