coldfusion - managing cookies and log-in issue

Question

I'm trying to figure out why some users are having a hard time logging in.

after login credentials get verified, I'm using:

<cflock scope="session" timeout="45">
    <cfset session.userid = user.id>
</cflock>

<cfif structKeyExists(session, "cfid") AND structKeyExists(session, "cftoken") >            
    <cfcookie name="CFID" value="#SESSION.CFID#" httponly="false">
    <cfcookie name="CFTOKEN" value="#SESSION.CFTOKEN#" httponly="false">
</cfif>

This works fine for users with cookies, but users without cookies cannot login, which I'm ok with, because I've got some ajax calls that might make passing tokens a bit complicated.

The issue I'm having is that I have a user that has cookies turned on, but is not able to redirect after a successful login, which I believe is due to system logging the user out because the session is not being associated with the user - that is that the cookies are not being read properly. I know the user was able to log in with the tokens present, but any link that didn't include the token booted them out to the login screen.

Using supportdetails.com I got the information that the cookies are enabled, but the issue looks like the cookies are not set.

• Operating System: Windows Windows XP
• Web Browser: Internet Explorer 8.0
• Javascript: Enabled
• Cookies: Enabled
• User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Any idea how to find out exactly what is going on, or some insight as to how to get this resolved?

Answer 1

• check if session management & setclientcookie is on @ application.cfc
• if it's on, then basically you don't need your own <cfcookie> calls.
• use Inspect in your browser to inspect the HTTP respond headers