I just figured out that if I go to
myDomain.com
www.myDomain.com
it has two separate sessions.
Is there a setting Adobe ColdFusion 10 to make this a single session?
Turn off setClientcookies in Application.cfc and set CFID & CFSESSION cookie using <cfcookie> (or <cfheader> if u run into domain= bug) yourself onSessionStart with domain=myDomain.com and httponly
This is said to be fixed finally in update 5 of CF11. See the "bugs fixed" document linked to from https://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-5.html, which has a link to the bug report above and indicates it's resolved. Sadly, there's no mention of it in the CF10 bugs fixed though. That would be a shame if it was happening in 10 but not fixed in it.
Related
How can I deactivate the fe_typo_user cookie in TYPO3 7.6. I don't use fe_login or other data stored in sessions on this website, but the cookie is set. The website was updated from an earlier TYPO3 version. In this issue another user had the same problem with an updated version - as solution he obviously used a fresh installation of TYPO3.
Isn't there another way to deactivate this cookie if not used? In earlier versions it worked with
["FE"]["dontSetCookie"] = 1
but in 7.6. obviously not anymore.
Edit:
The cookie is set new. I deleted it in chrome developer tools. You could check this webiste. I use powermail for contact forms, but as far as I know it doesn't set cookies. For tracking Piwik/Matomo is used, but it has it's own cookies "outside" of TYPO3. Conditions aren't used.
Which version of powermail are you using?
Since v6.0 the session-spam-check is disabled by default.
From release notes:
Task: Disable session-spam-check by default (to prevent generating a cookie)
Are you sure the cookie is set new?
You need to identify where you have user-dependent configuration which might set the cookie.
Do you have forms or interactive elements in the site?
Do you have conditions in your configuration?
Do you use tracking tools?
I'm using Liferay 6.1.0 GA1.
My applications runs on two tomcats. I have varnish in front of them. Varnish redirect to particular node when cookie is set on it.
When I'm trying to upload multiples files on Firefox, it loses this cookie (on Chrome it works just fine).
My idea was, to extend URL - add parameter that can later be filtered in Varnish. But I cannot find where should I add this, that Flash can later copy this properly.
Any other ideas that will be helpful are welcome as well.
P.S. Sorry for bad english.
"Loosing a cookie" means that it explicitly is set to another value, or the hostname changes. I suggest you use Firebug or the built-in Developer tools (hit F12) and monitor the requests and responses that go through the line. Pay attention to Set-Cookie directives in the response headers as well as the Host directive in the request headers. This should give some hints where they're going.
It's hard to give more specific advice with the level of detail you provide.
I have a few related selects that work perfectly on a testing server with very loose security (basically just a simple default install of CF 10).
I have tried to implement the CF 10 lockdown guide on the production server and all seems well, except that related select don't work. That is, the first select in the chain doesn't populate and therefore, none of the related selects populate either.
I even recreated Ben Forta's art media example: perfect on the testing server, no triggering in production.
All other CFC functions seem to work: SELECT and INSERT queries are just fine. Only CFSELECTs with bindings are hosed. I pretty sure that the problem is a server configuration. The same pages worked just fine on our old CF 9 box. Any ideas would be helpful.
My advice to you would be to NOT use cfselect or any other UI stuff in ColdFsuion - It only causes more headaches than it gets rid of.
That being said, if you followed the lockdown guide, you should have limited access to the CFIDE directory - which is needed for any of the ColdFusion UI stuff. There is an option in CF Admin to use a 'custom' path for the scripts ColdFusion uses - it is on the main Settings page. Set this value and create a virtual directory in IIS with the same name pointing to the {cfroot}CFIDE/scripts directory.
Looking at my website in IE8 in windows XP, cookies work fine. But, when i connect to my local dev version over the local network, it's not saving cookies. I'm connecting via an entry in my c:\WINDOWS\system32\drivers\etc\hosts file.
I'm not that familiar with the intricacies of IE8's security settings. Could there be something that the live site does, which the local version doesn't, which means the local version is failing some security test and thus not getting its cookies saved? IE8 is on the default "Medium-High" security setting. I've tried changing it to "Medium" (the lowest) and get the same problem.
When i say it's not saving the cookies, i mean that i'm looking in the IE8 dev tools/Cache/View Cookie Information page, and it's totally empty (apart from the site url) - there's no cookies saved at all.
Hoping to get some pointers on this, i don't really know where to start trying to fix it.
thanks, max
Ok, figured it out - the hostname i was using had an underscore in it. When i changed it to a hyphen it worked fine.
thanks for reading!
In production server I can't login to my website.
I know that it is some bug of Django with MD5 crypt or something like that, but unfortunately I don't remember what I should do. I am searching the answer since half day, but I can't find this website where was explained this problem.
DO you know how I can do sessions working.
In answer to this bit the comments
Sorry, but problems is otherwise. I
am using subdomains like pl.domain and
uk.domain and domain. User is only
logged in one subdomain, but I want
make it logged in all website. Is it
possible? – Thomas
you need to allow cross-domain sessions that don't just refer to a subdomain. By default, Django will give you different sessions for bar.example.com and foo.example.com.
In your settings.py set SESSION_COOKIE_DOMAIN to .domain.tld (don't forget the leading dot!) and you'll be sorted.