Great to hear all is finally working for you, Phil. Can you clarify, then, what’s different from when you first posted here? In other words, what do you think made things finally “work”?
You had showed already using the domain attribute in your original post, so that wasn’t it. Was it the clearing of cookies, perhaps? (That’s why I had made the point in my first reply about checking in a browser dev tool about duplicates.) Or was it maybe that the cookies you created looked different than you expected (which is why I’d mentioned the new encodvalue attribute). As I’d said, I’ve seen those both be key to problems like yours. But just to be sure, was there something else also? It may help others who hit this in the future. /charlie From: cfaussie@googlegroups.com [mailto:cfaussie@googlegroups.com] On Behalf Of Phil Rasmussen Sent: Sunday, April 06, 2014 10:10 PM To: cfaussie@googlegroups.com Subject: Re: [cfaussie] CF10 Cross Domain sessions with HTTPS Dale I've used a combination of the Application specific sessioncookies.domain and the manual cookie set in the onSessionStart and it appears to be working which is odd? Previously i had tried these settings independently thinking the combination was pointless but I've tried in 3 different browsers and the session token holds when crossing between sub-domains. I'm not complaining though! Good point about the cookies getting confused as I had seen that earlier with a very old non-domain scoped jsession cookie remaining dormant on the browser and causing a double up with the new domain specific cookie declaration. Everything appears to now be running over J2EE sessions with secure cookies, full HTTPS, and browser based cookies only which satisfies our PCI obligations. Thanks for your help everyone! -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To unsubscribe from this group and stop receiving emails from it, send an email to cfaussie+unsubscr...@googlegroups.com. To post to this group, send email to cfaussie@googlegroups.com. Visit this group at http://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout.