Add missing sessioncookie & authcookie attributes to cfapplication

Description

Currently the cfapplication is missing the attributes sessioncookie and authcookie meaning the developer has no control over the cookies set by cfapplication, see Adobe doc for details on attributes:

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-a-b/cfapplication.html

This would allow, for example a developer to set the cookie to a domain, be httpOnly, secure, etc... e.g.:

Google Group discussion here:

https://groups.google.com/forum/#!msg/lucee/f-HofCD_UeI/e-AMyFX2AAAJ

This is also related to this change here:

https://github.com/getrailo/railo/pull/314

Which made CFID and CFTOKEN always be httpOnly cookies.

Also some background on setting a cookie as secure:

https://www.owasp.org/index.php/SecureFlag

Assignee

Michael Offner

Reporter

Andrew Dixon

Labels

None

Fix versions

Priority

New
Configure