Hi Guys,
I am having a problem with one of my session applications.
Basically, I am cutting out the cookie that is planted by
cfapplication, in lieu of the IE6 Third-Party cookie denial by default.
(My code is generating a part of a website for another domain.)
MY APPLICATION.CFM does the following:
<cfapplication name="theAPP"
clientmanagement="Yes"
sessionmanagement="Yes"
setclientcookies="No"
sessiontimeout="#CreateTimeSpan(0,0,20,0)#"
applicationtimeout="#CreateTimeSpan(1,0,20,0)#">
<cflock timeout="30" throwontimeout="Yes" name="SessionLock">
<cfparam name="Session.autotoken" default="?
CFID=#session.cfid#&CFTOKEN=#session.cftoken#">
<cfparam name="Session.XXautotoken"
default="&CFID=#session.cfid#&CFTOKEN=#session.cftoken#">
</cflock>
SO, at this point, the CFID and CFTOKEN should be stored in
session.autotoken and session.XXautotoken respectively, correct?
(I am referencing
http://www.cfhub.com/adavanced/managing_state/cookies.cfm)
Now, when the application goes into the main menu after logging in to
the system and creating the session, I have it generate a link with the
#XXAutoToken# embedded.
When I go to browse it on the browser, do a View Source, it shows the
CFID as being incremented by 1 (+1). Meaning, if my CFID in my Address
bar in my browser is 28303, the one embedded in the page it self is
28304. Also, obviously, it changes the CFTOKEN.
To me, it seems to be regenerating the CFID / CFTOKEN somehow. I am
sure someone has seen this already, thoughts / comments would be
appreciated.
Thanks in Advance,
Jas
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
