CFToken cookie disappears when enabling "Use UUID for cftoken"

Asked Dec 21 '16 at 15:28

Active Dec 21 '16 at 15:38

Viewed 155 times

I've noticed that when enabling the option "Use UUID for cftoken" in ColdFusion Administrator the CFToken cookie is no longer set in the browser.

From my understanding this option should only cause the CFToken cookie to be a longer alphanumeric string for security purposes.

Is there another option that might cause this behavior in conjunction with the "Use UUID for cftoken" option?

Version: ColdFusion 2016

edited Dec 21 '16 at 15:38

James A Mohler

asked Dec 21 '16 at 15:28

MPaul

I've had "Use UUID for cftoken" turned on for my CF 9, 10, and 11 servers and never seen an issue like you're having. Do you have "Secure Cookie" turned on in "Memory Variables"? If it's turned on and you access the site over HTTP, then the cookies _won't_ be set. – Kevin Morris Dec 21 '16 at 18:52
I do not have the option "Secure Cookie" turned on, however I realize that I'm access this website internally through an IP address with `https` pre-pended. I wonder if that could cause issues when setting the cftoken cookie. – MPaul Dec 22 '16 at 17:57
Does this test show you the cftoken? `` – BKBK Dec 28 '16 at 11:13

0 Answers0