Details
Details
Assignee
Michael Offner
Michael OffnerReporter
Tim Parker
Tim ParkerPriority
Labels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Affects versions
Created 13 April 2020 at 20:24
Updated 26 January 2023 at 22:21
In our implementation, we initialize the application space with <cfapplication... setClientCookies="no"> and then use CFCookie to send the CFID and CFToken cookies so we can control the attributes. The cookies we set get the names CFID and CFTOKEN (all-upper-case).
If a user with no cookies goes to the Lucee administrator before they hit our application, Lucee generates 'cfid' and 'cftoken' cookies (all-lower-case names). If the user then browses to our application, additional CFID and CFTOKEN cookies are added. This duplication interfere with our sessions. The only work-around we've found is to manually clear the lower-case variants using the browser's debug tools
If the CFID and CFTOKEN cookies are created first, Lucee does not create the redundant cookies