Password.txt is NOT used.

The ability to use password.txt is only available when there is no password defined in your CFConfig.json

for backwards compat, in addition to hspw there are additional fields checked for a password, adminDefaultPW adminPWand adminDefaultPassword adminPassword

I also can’t reproduce this, using windows sandbox I had a world of problems with commandbox 6.1 (but that’s another story, installer didn’t work, server stop timing out calling cfexecute )

So back to your issue, just creating a password.txt once those values are set, will do nothing

Can you try with 6.2.0.318-SNAPSHOT (or similar), taking copies of your .CFconfig.json between steps and post back here any diffs for the above variables between those steps?

Keep in mind, changes in the .CFConfig.json are only polled every 60s when checkForChanges is enabled, otherwise, changes won’t be applied until after a restart

https://docs.lucee.org/recipes/check-for-changes.html

when enabled, you’ll see the following log entry within 60s, if you modify the context .CFConfig.json file

alternatively, since 6.1.1 you can just drop a .json containing any CFConfig directives (i.e. the snippets above etc) into your deploy directory and it will be imported (merged) automatically ever 60s

I retried - using 6.1.1.118

This issue is NOT resolved.

• I have deleted the ./Commandbox directory and restarted the server.

• I then created a password.txt file.

• I then restarted the server with (box) server stop / server start

The password.txt file is NOT imported - it remains in the lucee-server/context directory

, I investigated this ticket using Lucee version 6.2.0.272-SNAPSHOT with CommandBox. When I tried to set the Lucee admin password through CFConfig, it worked as expected. Additionally, when I set the dotenv variable LUCEE_ADMIN_PASSWORD in CommandBox, it worked fine in the Lucee Server Admin. No issues were encountered, and it functions correctly in the latest version of Lucee.

how does the browser cookie have any effect on this?
In the end it is very easy in Lucee 5, Lucee looks for the password in the lucee-server.xml, if that is not set, Lucee will give the message about the password.txt on the login page and when you click “import“ it will read the txt file and set the password.
reading the description from above it seems, a maybe empty password is set in the XML.

the only change on this in Lucee 5, is that we added support for the env var “LUCEE_ADMIN_PASSWORD“ (read more here ) that will bypass the password.txt.
can you check if that is a regression not happening with older versions?
Please also check how the lucee-server.xml looks like, that is the only thing that count, when the env var “LUCEE_ADMIN_PASSWORD“ is not set.

, I investigated this ticket using Lucee version 5.4.6.9-SNAPSHOT and 6.2.0.249-SNAPSHOT with CommandBox. When I tried to set the password using the config set adminPassword=myPassword toFormat=luceeServer command, the password was generated in the CommandBox.json file, but the Lucee admin password was not updated. This appears to be a valid bug.
However, when I created the password.txt file in the lucee-server/context/ directory after deleting the / .CommandBox/ folder from the root, the password from the password.txt file was successfully configured in the Lucee admin.