Tracker Issue Add SameSite Cookie Support to ColdFusion
Tracker Issue Unable to specify Cookie Timeout of -1 in Administrator
CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character
Cookie is no longer expired when no value attribute is used in IE
Tracker Comment Comment on CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character by External U.
Comment on Add SameSite Cookie Support to ColdFusion by Vamseekrishna N.
Tracker Comment Comment on CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character by James M.
Turning on Secure Cookie should force Admin to only run under https
Tracker Comment Comment on Add SameSite Cookie Support to ColdFusion by Peter F.
Tracker Comment Comment on CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character by External U.
Comment on Unable to specify Cookie Timeout of -1 in Administrator by External U.
Bug 87081:Change the Client Variable Storage default to Cookie or None
Tracker Comment Comment on CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character by External U.
Tracker Comment Comment on CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character by James M.
Tracker Comment Comment on CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character by External U.
Tracker Comment Comment on CF Crash (500 Internal Server Error) from Non-ASCII Cookie Character by External U.
Tracker Comment Comment on Cookie is no longer expired when no value attribute is used in IE by Vamseekrishna N.
Tracker Comment Comment on Cookie is no longer expired when no value attribute is used in IE by Aaron N.
EET#580 Coldfusion does not expire empty-value cookies in IE - Japanese Locale
Tracker Comment Comment on Bug 80043:HTTP-Only cookie for session cookie? It is currently not possible for dealing with session cookie by External U.
Tracker Issue Coldfusion does not expire empty-value cookies in IE
Tracker Issue Bug 80043:HTTP-Only cookie for session cookie? It is currently not possible for dealing with session cookie
Comment on Coldfusion does not expire empty-value cookies in IE by External U.
Cookies containing the '@' character are truncated (i.e. those with emails)
Tracker Comment Comment on CFCOOKIE setting empty string with double quotes on the client side by Adobe D.
2611586 CF-3608332 Adobe D. CFCookie and Cookie in script
Bug Number: CF-3608332
Reviewer: Alty
Description: Empty cookie value was getting added as "" i.e. double quotes characters. This is a bug with Tomcat. Logged tomcat bug 55867. For now if cookie value is empty we will add this cookie as SET-Cookie
Comment on CF10 writes CFID and CFToken cookies incorrectly, causing session problems (fatal for CF9) for all other instances in domain by External U.
Tracker Comment Comment on <cfparam> sends a cookie by External U.
Bug 81187:When using the HTTPOnly flag in CFCOOKIE on a CF9 Web Application deployed on Tomcat 6, the cookie statement is improperly constructed resulting in appending the HTTPOnly statement to the cookie value
Comment on with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies by External U.
Tracker Comment Comment on cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by Norbert L.
Tracker Issue cookies assigned with a NULL value are not recognized
Tracker Issue cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities
Tracker Comment Comment on '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee> by External U.
Tracker Comment Comment on setDomainCookies="true" does not set domain cookies in websites like... http://example.com by S P.
Tracker Comment Comment on setDomainCookies="true" does not set domain cookies in websites like... http://example.com by S P.
Tracker Comment Comment on setDomainCookies="true" does not set domain cookies in websites like... http://example.com by External U.
Tracker Comment Comment on Session Cookies Being Overwritten Browsing From SSL to Non SSL by External U.
2611350 CF-3628944 S V. I am able to reproduce the issue after adding the provided logout.cfm logic in the Adobe's documentation example. This issue happens because of manually clearing cookies.
One of the reasons this issue was introduced is the newly added attribute ‘preserveCase’ which
Addressing SameSite cookie issues, before Adobe offers an update that does
Tracker Issue '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee>
Comment on Coldfusion does not expire empty-value cookies in IE by Toby W.
Tracker Comment Comment on <cfparam> sends a cookie by External U.
Tracker Issue <cfcookie> with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies
Comment on with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies by External U.
Tracker Comment Comment on Cookies containing the '@' character are truncated (i.e. those with emails) by Kailash B.
Comment on Cookie-Processing not complaint to latest RFC by Kailash B.
Comment on ColdFusion 10 cannot read the cookie value with = character by S V.
Tracker Comment Comment on <cfparam> sends a cookie by External U.
Comment on CF10 writes CFID and CFToken cookies incorrectly, causing session problems (fatal for CF9) for all other instances in domain by External U.
Tracker Comment Comment on Updater 15 changes/breaks behavior of deleting cookie.cfid/cftoken by External U.
Tracker Comment Comment on CFCOOKIE setting empty string with double quotes on the client side by Adobe D.
2611586 CF-3608332 Adobe D. Comments from Tomcat bug. Looks like we will not get a fix from tomcat.
Description Shilpi 2013-12-12 07:15:00 UTC
When Cookie value is empty, double quotes are added. Example if cookie is following -
name = test
value =
the resultant cookie in the client
Comment on CF10 writes CFID and CFToken cookies incorrectly, causing session problems (fatal for CF9) for all other instances in domain by External U.
Portal Comment Comment on ColdFusion 2018 on Ubuntu – problem download installer from Adobe by Charlie Arehart
Charlie Arehart I would recommend you start by using another browser, to make sure this is not some curious cookie problem. Or if you have no other browser, try clearing your cookies in the current browser.
Comment on cookies assigned with a NULL value are not recognized by External U.
Tracker Comment Comment on User Login session not properly closed by External U.
2609512 CF-3839458 External U. Forgot to note:
When THIS.loginStorage="cookie", then the issue does not reoccur if an old cfauthorization cookie is still present.
Thanks!,
-Aaron
Tracker Comment Comment on setDomainCookies="true" does not set domain cookies in websites like... http://example.com by External U.
Tracker Comment Comment on setDomainCookies="true" does not set domain cookies in websites like... http://example.com by CFwatson U.
Tracker Comment Comment on setDomainCookies="true" does not set domain cookies in websites like... http://example.com by S P.
Tracker Comment Comment on Can't Add Datasource by External U.
2611127 CF-3639079 External U. Try clearing your cookies. I've seen this happen before when you have another cf server that's setting a domain cookie for cfid/cftoken/jsessionid.
Tracker Comment Comment on Session Cookies Being Overwritten Browsing From SSL to Non SSL by External U.
Tracker Comment Comment on cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by Norbert L.
Tracker Comment Comment on cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by S P.
Tracker Comment Comment on CFCookie "samesite" support by Matthew C.
4123109 CF-4201688 Matthew C. Just more info on it - we'd really like to see this implemented:
https://web.dev/samesite-cookies-explained/
https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/
Tracker Comment Comment on CFCookie "samesite" support by Toby W.
4123109 CF-4201688 Toby W. This is now an issue as Chrome blocks all cookies that require this attribute that are not on the same site. Which means that cookies are unusable in Chrome - we need a fix now!
Is there a hot fix?
Tracker Comment Comment on setDomainCookies causes NullPointerException on domain change by External U.
Tracker Comment Comment on Updater 15 changes/breaks behavior of deleting cookie.cfid/cftoken by S P.
Comment on CF10 writes CFID and CFToken cookies incorrectly, causing session problems (fatal for CF9) for all other instances in domain by External U.
Tracker Comment Comment on Session Cookies Being Overwritten Browsing From SSL to Non SSL by Adobe D.
Tracker Comment Comment on Session gets lost on cflocation width J2EE Sessions and Cookies disabled by External U.
Tracker Comment Comment on Cookies containing the '@' character are truncated (i.e. those with emails) by Aaron N.
Tracker Issue Cookie-Processing not complaint to latest RFC
Tracker Issue setDomainCookies="true" does not set domain cookies in websites like... http://example.com
Bug 79691:While I found that CFCOOKIE now supports a httpOnly attribute to send HttpOnly cookies to the browser, the default cookies CF sends (e
Comment on Cookie-Processing not complaint to latest RFC by H. S.
Tracker Comment Comment on <cfparam> sends a cookie by External U.
Tracker Comment Comment on <cfparam> sends a cookie by External U.
Comment on with no expires attribute managing session (CFID / CFTOKEN) browser only cookies results in persistent cookies by External U.
Comment on Bug 79691:While I found that CFCOOKIE now supports a httpOnly attribute to send HttpOnly cookies to the browser, the default cookies CF sends (e by External U.
Tracker Comment Comment on CFCookie "samesite" support by A. B.
4123109 CF-4201688 A. B. Could it be that ColdFusion 2018 implicitly supports samesite cookies? After all, ColdFusion 2018 runs on Tomcat 9.0.21, and this version of Tomcat has support for samesite cookies. See https://tomcat.apache.org/tomcat-8.5-doc/config/cookie-processor.html
You would
Tracker Issue CFCookie "samesite" support
4123109 CF-4201688 Language : Cookie James Moberg CFCookie "samesite" support I'd like to use the "samesite" cookie attribute w/CFCookie. (I would prefer not to have to write my own handler because I've encountered issues where setting a cookie wouldn't make it available to the Cold
Tracker Issue <cfparam> sends a cookie
Tracker Issue Invalid Set-Cookie Header Date Format
Setting a cookie to a non-simple value doesn't throw an error in scope-syntax
setDomainCookies causes NullPointerException on domain change
Tracker Issue CFLOGIN idletimeout under cookie storage does not work
Bug 86387:-(Watson Migration Closure)Session cookies see comments
Tracker Comment Comment on Session information in AJAX call by External U.
2608114 CF-4189738 External U. Hi Preethi,
I've attached a zip file with 3 coldfusion files. Navigate to /ajaxTest.cfm When cookies are turned off, the page will alert "Server var is not defined". If cookies are enabled, the file will alert true. (It took me a little while to get cookies
Comment on cookies assigned with a NULL value are not recognized by Kailash B.
Tracker Comment Comment on CF10 Session variables lost by External U.
2609409 CF-3849572 External U. This problem may be related to the change made to CF Session ID creation when the browser cookie passes a CF ID to CF server that does not have that Session ID in memory (ie. an old Session ID). I believe at CF9, Coldfusion now creates a brand new CF ID, instead
Tracker Comment Comment on There was an error accessing this page. Check logs for more details. by External U.
2612274 CF-3531688 External U. This problem is caused by cookies. Cookies issued by CF9 are picked up by CF10 but they contain mismatching information (GUID etc) which causes CF10 to be confused. Each time I've seen it clearing cookies for that domain solves the problem. This means you will only
Tracker Comment Comment on Session gets lost on cflocation width J2EE Sessions and Cookies disabled by External U.
Tracker Comment Comment on CFCookie "samesite" support by John W.
4123109 CF-4201688 John W. https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
With Chrome 80 in February, Chrome will treat cookies that have no declared SameSite value as SameSite=Lax cookies. Only cookies with the SameSite=None; Secure setting will be available for external
Tracker Comment Comment on CFCookie "samesite" support by Edwin S.
4123109 CF-4201688 Edwin S. Hi Gerald,
We are adding header from our side. If it is not being honoured, then Websphere might be processing the Set-Cookie headers to remove unexpected attributes. So they need to support as well
Few application servers (including Tomcat) do not support samesite
Tracker Issue session data between sub domains
3422688 CF-4199524 Core Runtime : Session Management branden johnson session data between sub domains i need to maintain session data between sub domains
you can do this easy by setting:
this.setdomaincookies="yes"
works perfectly because the cfid and cftoken cookies domain is set to ".domain
Comment on jsessionid cookie present when J2EE disabled from admin by Stephen W.
Tracker Comment Comment on '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee> by External U.
Comment on setDomainCookies causes NullPointerException on domain change by S P.
Tracker Comment Comment on setDomainCookies causes NullPointerException on domain change by External U.
Tracker Comment Comment on setDomainCookies causes NullPointerException on domain change by Vamseekrishna N.
Tracker Comment Comment on setDomainCookies causes NullPointerException on domain change by External U.