Re: Setting Cookie Secure, Domain, Path
Thanks for the info Pete, I will investigate further! Richard Hi Richard, Normally you can switch between J2EE and CFID/CFTOKEN cookies without problem unless something in your application code is relying on one or the other. It may be easy to change that or it may be quite involved, it depends quite a bit on how your application is coded. If you want to use J2EE sessions then you have to edit the jrun-web.xml file http://livedocs.adobe.com/jrun/4/Programmers_Guide/techniques_servlet13.htm#1154030but this is server wide so it will be the same for all sites / applications on the server. Another option would be to use the web server to add the appropriate flags to the web server, here's an example of how you do this on IIS7+ using the IIS rewrite module: http://www.petefreitag.com/item/817.cfm -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Thu, Feb 20, 2014 at 2:39 PM, Richard White rich...@re-base.net wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357761 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Setting Cookie Secure, Domain, Path
Hi Richard, Normally you can switch between J2EE and CFID/CFTOKEN cookies without problem unless something in your application code is relying on one or the other. It may be easy to change that or it may be quite involved, it depends quite a bit on how your application is coded. If you want to use J2EE sessions then you have to edit the jrun-web.xml file http://livedocs.adobe.com/jrun/4/Programmers_Guide/techniques_servlet13.htm#1154030but this is server wide so it will be the same for all sites / applications on the server. Another option would be to use the web server to add the appropriate flags to the web server, here's an example of how you do this on IIS7+ using the IIS rewrite module: http://www.petefreitag.com/item/817.cfm -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Thu, Feb 20, 2014 at 2:39 PM, Richard White rich...@re-base.net wrote: Hi Pete, yes although if i disable this my login stops working and appears the session variables that i use throughout the application cease to function. Thanks, Richard Hi Richard, do you have Use J2EE session variables checked in the CF administrator? -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Thu, Feb 20, 2014 at 5:41 AM, Richard White rich...@re-base.net wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357724 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Setting Cookie Secure, Domain, Path
Thanks Pete, this does seem to work by adding it to the application.cfc. However, when i first open the browser and go to the site it shows an error that the session.cfide does not exist. The culprit is in the onSessionStart method as shown below. If I reload the window then its all fine as I suppose at this point the session.cfide has been created. Would you know how to resolve this? cffunction name=onSessionStart cfcookie name=CFID value=#session.cfid# httponly=true secure=yes cfcookie name=CFTOKEN value=#session.cftoken# httponly=true secure=yes /cffunction Thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357711 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Setting Cookie Secure, Domain, Path
Hi Richard, do you have Use J2EE session variables checked in the CF administrator? -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Thu, Feb 20, 2014 at 5:41 AM, Richard White rich...@re-base.net wrote: Thanks Pete, this does seem to work by adding it to the application.cfc. However, when i first open the browser and go to the site it shows an error that the session.cfide does not exist. The culprit is in the onSessionStart method as shown below. If I reload the window then its all fine as I suppose at this point the session.cfide has been created. Would you know how to resolve this? cffunction name=onSessionStart cfcookie name=CFID value=#session.cfid# httponly=true secure=yes cfcookie name=CFTOKEN value=#session.cftoken# httponly=true secure=yes /cffunction Thanks ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357714 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Setting Cookie Secure, Domain, Path
Hi Pete, yes although if i disable this my login stops working and appears the session variables that i use throughout the application cease to function. Thanks, Richard Hi Richard, do you have Use J2EE session variables checked in the CF administrator? -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Thu, Feb 20, 2014 at 5:41 AM, Richard White rich...@re-base.net wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357719 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Setting Cookie Secure, Domain, Path
Hi, Is there a way to set the secure, domain and path values for session CFID and CFTOKEN cookies in the application.cfc page of CF9? I have done some searches but cannot seem to find an answer. Many thanks, Richard ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357694 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Setting Cookie Secure, Domain, Path
Hi Richard, You can use the technique here: http://www.petefreitag.com/item/764.cfm it doesn't set path, domain, or secure but you can just add that to the cfcookie tag in the CF9 example. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Tue, Feb 18, 2014 at 1:36 PM, Richard White rich...@re-base.net wrote: Hi, Is there a way to set the secure, domain and path values for session CFID and CFTOKEN cookies in the application.cfc page of CF9? I have done some searches but cannot seem to find an answer. Many thanks, Richard ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357709 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm