I’m trying to migrate our main application piece by piece from ACF to Lucee. Unfortunately I run into problems here and there.
I’ve already read the post https://dev.lucee.org/t/how-do-i-prevent-the-cookies-cfid-and-cftoken-from-being-set/7684 but this was no solution for me, because there’s no creating of dynamic content like captchas with cfimage in our code.
I just want to use JEE sessions and set the following in the SERVER administrator:
Session Type = JEE
Session Management = Enabled
Client Management = Disabled
Domain Cookies = Disabled
Client Cookies = Disabled
Session Storage = Memory
Furthermore I have an Application.cfc with:
this.sessionType = "jee";
this.sessionManagement = true;
this.clientManagement = false;
this.setDomainCookies = false;
this.setClientCookies = false;
this.sessionStorage = "memory";
The cookies CFID and CFTOKEN are still set in the browser and I don’t know why.
Where (in which file) are the server admin settings saved?
I would expect that the server admin settings are saved in the “/WEB-INF/lucee/context/Application.cfc” file.
Original content of “/WEB-INF/lucee/context/Application.cfc”:
this.name = "lucee_context#server.lucee.version#";
The only workaround I’ve found is to edit this file and set:
I doubt that this is the correct (or “planned”) way to disable the cookies CFID and CFTOKEN.
Any help would be appreciated.
Don’t forget to tell us about your stack!
OS: Debian 9.13 - Linux
Java Version: openjdk version “11.0.7” 2020-04-14
Tomcat Version: 9.0.35
Lucee Version: Lucee 188.8.131.52-RC
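
A way to verify the behaviour described in the post above, as an added example that is not part of the original post: it parses a response's `Set-Cookie` headers and reports whether CFID/CFTOKEN are still issued next to the JEE session cookie. The header sample is constructed, the function names are hypothetical, and the HttpOnly/Secure flag check goes beyond what the post asks.

```python
# Cookie names used for CFML sessions, and the servlet container's JEE session cookie.
CFML_COOKIES = {"cfid", "cftoken"}
JEE_COOKIE = "jsessionid"

# Constructed sample response headers (not captured from a real server).
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly
Set-Cookie: cfid=11111111-2222-3333-4444-555555555555; Path=/; Max-Age=31536000
Set-Cookie: cftoken=0; Path=/; Max-Age=31536000
"""


def parse_set_cookies(raw_headers):
    """Return {cookie_name: {attr: value}} for every Set-Cookie header line."""
    cookies = {}
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        parts = [p.strip() for p in value.split(";") if p.strip()]
        if not sep or name.strip().lower() != "set-cookie" or not parts:
            continue  # status line, other headers, or an empty Set-Cookie
        cookie_name = parts[0].partition("=")[0]
        attrs = {}
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip() or True  # bare flags -> True
        cookies[cookie_name] = attrs
    return cookies


def audit(raw_headers):
    """List findings for a response that should carry only the JEE session cookie."""
    findings = []
    for name, attrs in parse_set_cookies(raw_headers).items():
        lname = name.lower()
        if lname in CFML_COOKIES:
            findings.append(f"{name}: CFML cookie still set")
        if lname in CFML_COOKIES or lname == JEE_COOKIE:
            for flag in ("httponly", "secure"):
                if flag not in attrs:
                    findings.append(f"{name}: missing {flag}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print(finding)
```

To check a running instance, paste the header block printed by `curl -sI` for a first request (one sent without cookies) into `audit()`.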