If I expand the session type information in the Lucee admin I get the following information this.sessionType = "jee";
or this.sessionType = "application";
This is really frustrating, I guess the correct information is the one provided in the Lucee Admin?
Another gotcha:
If I enable sessionType “application” in the Lucee Admin and open one CF app with sessionType “application” I get 2 cookies: cfid, cftoken
This is fine
If I enable sessionType “jee” in the Lucee Admin and open one CF app with sessionType “application” I get 3 cookies: JSESSIONID,cfid, cftoken
Imho this is a bug, why is the Lucee Admin setting overriding the app setting?
Yes, I normally use jee sessions too - but if I want to store sessions into a cache or db this is not possible with Lucee. I have to switch to sessionType “application” (or cfml?).
I guess your sessionType should be “jee” and not “j2ee”?
Yes, I cleared all the cookies before my tests and tested a lot of times - so I am sure that my cookies are newly set by Lucee.
When I switched to using jsessionid cookies several years ago the value given was “j2ee”. But Lucee will accept both (and also just “j” apparently).
Do you have this.setClientCookies = false;? If I remove that line then I’m also seeing cfid/cftoken cookies being set, even when this.sessionManagement = false;
Thanks for the information about the sessionType values, I guess we should update the cfdocs.org documentation.
Regarding "setClientCookies " - please see my test results.
Imho the application sessionType should overrule the sessionType defined in the Lucee administrator, so it looks like a bug to me: