The only files that are loaded from the path “/lucee/…” are:
/lucee/core/ajax/JSLoader.cfc?method=get&lib=LuceeAjax
/lucee/formtag-form.cfm
There’s no use of dynamic content like cfimage in our code.
Looking in our FusionReactor monitoring I see, that the response header from “/lucee/core/ajax/JSLoader.cfc?method=get&lib=LuceeAjax” is the following:
Set-Cookie cfid=ca74469c-b2b7-4716-8ade-87778d37951f;Path=/;Expires=Tue, 23-Feb-2021 18:17:56 UTC;HttpOnly
Set-Cookie cfid=ca74469c-b2b7-4716-8ade-87778d37951f;Path=/;Expires=Tue, 23-Feb-2021 18:17:56 UTC;HttpOnly
Return-Format plain
I don’t understand where the set-cookie command comes from.
I assume, that the Lucee Server Admin does not save the settings properly.
Where does the Lucee Server Admin save its settings?
AND
Why can I only ommit the both cookies when I change the settings directly in the “/WEB-INF/lucee/context/Application.cfc” file to this.setclientcookies=“no”.