Lucee 5.4+ CFCOOKIE expires being stripped by CloudFlare

Hey guys!

I see that this has been resolved in Lucee 6.2+, but we have a client running 5.4.7.3. Currently, we cannot move to 6 or 7 (we are looking to do it soon, though). Is there an easy way to fix this across multiple servers? We have written a function to set cookies correctly, but we would love to fix it globally per server so we can continue using cfcookie.

NOTE: This is an internal-facing server only.

OS: AMAZON LINUX
Java Version: 1.8.0_392
Tomcat Version: 8.5.23
Lucee Version: 5.4.7.3

FYI: I know development is done with 5.4... I was just hoping we could make a quick change like the one made to the 6.2 code.

1 Like

yeah, that’s a serious regression due to what I believe is a recent change by cloudflare

I’ve backported this fix to 5.4.8.2-SNAPSHOT (building now)

https://luceeserver.atlassian.net/browse/LDEV-4314?focusedCommentId=61632

Previous changes since 5.4.7.3 stable are

  • 5.4.8.1 add checks to ignore update attempts to lucee 7 which have a loader change (rather than crashing after updates)
  • 5.4.8.0 adds filtering to extensions to hide incompatible newer, i.e. Lucee 7 only extensions from the admin

As this is a minor backported change, after some quick feedback, I’ll drop a new stable 5.4.8 LTS release

update

Due to some tech debt, 5.4 won’t show such older snapshots (it’s limited to the last 400 snapshots), so I’m publishing this as 5.4.8.2-RC

Thanks, @Zackster! It’s fully deployed and running perfectly. I’ll drop an update in a few days. FYI: The cookie expires issue is working perfectly.

1 Like