Actually cookie storage for client variables is by far the best option; if
you're storing more than basic info in there you should rethink your
application design. Secondly I am very sure that the Client scope is based
on the current session as well, and if that is not sticking your client
variables will be different, because the CFID & CFTOKEN will be different.
You can verify this by looking into the documentation where it shows how
the client storage requires these tokens to be pulled up for that current
session.

Peter, sorry but the 101 or the basics is clearly not what you're saying.

But as Dale said most people have not used client variables since the days
of ColdFusion 5.0 or lower.

Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+:  http://plus.google.com/113032480415921517411



On Fri, Apr 4, 2014 at 10:28 PM, ColdGen Internet Solutions <
coldgen.internet.soluti...@gmail.com> wrote:

> At least try turning on the database option for client var storage.
> ColdFusion 101 really...
>  On 04/04/2014 10:27 PM, "Dale Fraser" <d...@fraser.id.au> wrote:
>
>> Not different servers Peter different sub domains
>>
>> Regards
>> Dale Fraser
>>
>> On 4 Apr 2014, at 10:25 pm, "ColdGen Internet Solutions" <
>> coldgen.internet.soluti...@gmail.com> wrote:
>>
>> Make a database for client vars. Point all sites there. All servers
>> should share the same client storage source. ColdFusion should do the rest.
>> On 04/04/2014 10:00 PM, "Phil Rasmussen" <ara...@gmail.com> wrote:
>>
>>> Hey Peter. Not using Client Vars at all, it's set to storage = none in
>>> CF Admin. Purely J2EE Session cookies so the persistence between subdomains
>>> relies solely on the cookie which is where I'm stuck as none of my settings
>>> appear to help with the persistence.
>>>
>>> On Friday, 4 April 2014 18:39:02 UTC+10, ColdGen Internet Solutions
>>> wrote:
>>>>
>>>> Are you using the SAME database for storing Client Variables across all
>>>> of the domains? (and not storing as cookie or in registry).
>>>>
>>>> Just checking!
>>>>
>>>>
>>>>
>>>> *Peter Tilbrook*
>>>> Web Administrator, The Club Group Pty. Ltd.
>>>> Managing Director, ColdGen Internet Solutions
>>>> Professional Adobe ColdFusion Application Development
>>>> President, ACT and Region ColdFusion Users Group
>>>> PO Box 2247
>>>> Queanbeyan, NSW, 2620
>>>> AUSTRALIA
>>>>
>>>> *Telephone:* +61-2-6104-9981
>>>> *Mobile:* +61-2-047-623-579
>>>>
>>>> *Email Address:* peter.t...@coldgen.com
>>>> *WWW:* http://www.coldgen.com/
>>>> *Twitter:* @ColdGen
>>>>
>>>> *ABN:* 80 826 226 128
>>>>
>>>>
>>>> On 4 April 2014 18:48, Phil Rasmussen <ara...@gmail.com> wrote:
>>>>
>>>>> Hi Dmitry
>>>>>
>>>>> I have read over that article a few days back and unfortunately it
>>>>> hasn't helped my problem. I'm also not entirely sure what she means with
>>>>> regards to changing config settings for J2EE so I've responded to her to
>>>>> get further information.
>>>>>
>>>>> Charlie, I've been retesting with your suggestions today and tried a
>>>>> variation of the cookie manual setting with the encodeValue set to true
>>>>> and false, in addition to playing around with the domain mask as either
>>>>> ".domain.com" or "*.domain.com", neither of which seem to work. I have
>>>>> noticed using web inspector there on occasion appears to be 2 identical
>>>>> JSESSIONIDs getting set and sometimes one of them has a slight difference
>>>>> in the encoding which is probably due to the fact I was mucking around
>>>>> with these encodeValue settings and not clearing my existing cookies.
>>>>> Either way I just cannot get the sessions to stick when jumping between
>>>>> subdomains and I keep getting issued with a fresh JSESSIONID token.
>>>>>
>>>>> I'm wondering if there is a Tomcat config setting or something deeper
>>>>> to help with this cross domain session management as I can't think of
>>>>> anything else.
>>>>>
>>>>> Cheers
>>>>>  Phil
>>>>>
>>>>>
>>>>>
>>>>> On Thursday, 3 April 2014 14:53:13 UTC+10, Dmitry Yakhnov wrote:
>>>>>>
>>>>>> Hi Phil,
>>>>>>
>>>>>> This post seems to be pretty relevant to your problem:
>>>>>> http://www.shilpikhariwal.com/2012/02/how-to-secure-coldfusion-session.html
>>>>>>
>>>>>> In the end it says:
>>>>>> *Note: all these configurations we discussed are valid for CF session
>>>>>> cookies and Authentication cookies. For JSESSIONID, one needs to make
>>>>>> changes in server related configurations.*
>>>>>>
>>>>>> So probably direct edit of config files is involved.
>>>>>>
>>>>>> Cheers,
>>>>>> Dmitry.
>>>>>>
>>>>>> On Thursday, 3 April 2014 09:26:13 UTC+11, Phil Rasmussen wrote:
>>>>>>>
>>>>>>> Hi Guys
>>>>>>>
>>>>>>> Just wondering if anyone has come across an issue in CF10 whereby
>>>>>>> sessions are dropped when crossing between HTTP and HTTPS, even though
>>>>>>> the JSESSIONID is being explicitly passed in these links which had
>>>>>>> worked for us for over 5 years without fail prior to CF10. From what I
>>>>>>> have read there appears to be a big change to address the Session
>>>>>>> Fixation security issues which would explain the HTTP/HTTPS drops but I
>>>>>>> can't find a workaround for this.
>>>>>>>
>>>>>>> Essentially we have CF10 installed with J2EE Session Management
>>>>>>> turned on, and the default HTTPOnly set to true. In the application the
>>>>>>> domain structure looks as follows:
>>>>>>>
>>>>>>> https://book.domain.com
>>>>>>> http://profile.domain.com
>>>>>>> http://approve.domain.com
>>>>>>>
>>>>>>> When crossing between the domains (which had worked for many years
>>>>>>> prior) the session drops and CF issues a new set of session
>>>>>>> identifiers. In order to try and bypass the SSL issue, I've switched
>>>>>>> the entire application over to HTTPS so at no stage will the session or
>>>>>>> cookies be served over HTTP, which works fine if the user doesn't cross
>>>>>>> domains, but the moment a different subdomain is clicked (i.e. to make
>>>>>>> a booking) then the session drops.
>>>>>>>
>>>>>>> Even setting a cookie  in the onSessionStart() as follows has no
>>>>>>> effect:
>>>>>>>
>>>>>>> <cfcookie name="jsessionid" value="#session.sessionid#" domain=".domain.com">
>>>>>>>
>>>>>>> Has anyone come across this behaviour migrating to CF10?
>>>>>>>
>>>>>>> Cheers
>>>>>>> Phil
>>>>>>>
>>>>>>  --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "cfaussie" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to cfaussie+u...@googlegroups.com.
>>>>> To post to this group, send email to cfau...@googlegroups.com.
>>>>> Visit this group at http://groups.google.com/group/cfaussie.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>
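
An added example, not written by anyone in this thread: a small model of RFC 6265 cookie scoping applied to the three hosts from the original question, showing which requests would carry a JSESSIONID for a given Domain and Secure setting. The function names are hypothetical, and public-suffix and path checks are left out.

```python
from urllib.parse import urlsplit

# Hosts taken from the original question in this thread.
HOSTS = [
    "https://book.domain.com/",
    "http://profile.domain.com/",
    "http://approve.domain.com/",
]

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: identical, or host ends with '.' + cookie_domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def store_cookie(set_by_url, domain_attr=None, secure=False):
    """Model how a user agent stores a Set-Cookie header (RFC 6265 5.3).

    Returns None when the cookie is rejected outright.
    """
    host = urlsplit(set_by_url).hostname
    if domain_attr:
        # A single leading dot is ignored (RFC 6265 5.2.3).
        domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
        if not domain_match(host, domain):
            return None  # e.g. "*.domain.com": wildcards are not a thing
        return {"domain": domain.lower(), "host_only": False, "secure": secure}
    # No Domain attribute: the cookie is bound to the exact host that set it.
    return {"domain": host, "host_only": True, "secure": secure}

def would_send(cookie, request_url):
    """Would the user agent attach this cookie to a request for request_url?"""
    parts = urlsplit(request_url)
    if cookie["secure"] and parts.scheme != "https":
        return False
    if cookie["host_only"]:
        return parts.hostname == cookie["domain"]
    return domain_match(parts.hostname, cookie["domain"])

def reach(domain_attr=None, secure=False):
    """URLs in HOSTS that receive a cookie set by book.domain.com."""
    cookie = store_cookie(HOSTS[0], domain_attr, secure)
    if cookie is None:
        return []
    return [url for url in HOSTS if would_send(cookie, url)]

if __name__ == "__main__":
    for attrs in [{}, {"domain_attr": ".domain.com"},
                  {"domain_attr": "*.domain.com"},
                  {"domain_attr": ".domain.com", "secure": True}]:
        print(attrs, "->", reach(**attrs))
```

A host-only JSESSIONID and one stored with Domain=domain.com are separate cookies under RFC 6265, so both can be sent to the same host in one request.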
