Adobe
Sign in Privacy My Adobe

ColdFusion MX 6.1: Hot fix for setting domain cookies with cfapplication

Adobe Community Help


Products Affected

Contact support

The setDomainCookies attribute of the cfapplication tag is used to associate a specific domain with a cookie so that a user's session is stored at the domain level (for example, .site1.com). In ColdFusion MX 6.1, when using the cfapplication tag with the setDomainCookies attribute set to yes, the wrong domain may be set on multihomed servers. The first time a domain cookie is set, the domain is determined and is set appropriately. Subsequent requests, even if they are from a virtual web site in a different domain, are set to the same domain as the initial request.

For example, server1 hosts two web sites, site1.com and site2.com. A customer requests http://www.site1.com/index.cfm, which sets a domain cookie for site1.com. The customer then requests http://www.site2.com/index.cfm, which should set a separate domain cookie for site2.com. Instead, site1.com is used again.

When specifying the setdomaincookies attribute, the domain is determined by first obtaining the server name from the web server (CGI.SERVER_NAME in CFML). If the server name obtained is "localhost" or "127.0.0.1", there is no domain. Otherwise, the domain name is the full string after the first dot in CGI.SERVER_NAME. This process does not occur correctly in ColdFusion MX 6.1 on multihomed servers and is logged as issue 53797. This TechNote provides a hot fix for the issue.

ColdFusion MX 6.1 - Server Configuration

Follow the instructions below to install the hot fix for ColdFusion MX 6.1 in the server configuration. For J2EE servers including JRun, use the instructions under the J2EE Configuration section.

Windows

  1. Download the hot fix (9K).
  2. Stop ColdFusion.
  3. Create the directory cf_root\runtime\servers\lib if it does not exist.
  4. Extract hf53797_61.jar from the downloaded ZIP file, into the following directory:

    cf_root\runtime\servers\lib\
  5. Restart ColdFusion.
  6. Examine the ColdFusion MX Administrator System Information page and confirm that hot fix hf53797_61.jar shows in the Java Class Path list.

Unix

  1. Download the hot fix (9K).
  2. Stop ColdFusion.
  3. Create the directory cf_root/runtime/servers/lib if it does not exist.
  4. Extract hf53797_61.jar from the downloaded ZIP file, into the following directory :

    cf_root/runtime/servers/lib/
  5. Edit the filecf_root/runtime/bin/jvm.config:
    1. Locate the JVM classpath section.
    2. Add {application.home}/runtime/servers/lib as the first entry in the java.class.path list.



      For example:

      # JVM classpath java.class.path={application.home}/runtime/servers/lib, {application.home}/runtime/../../src, {application.home}/lib/cfusion.jar, {application.home}/runtime/lib/webservices.jar
  6. Restart ColdFusion.
  7. Examine the ColdFusion MX Administrator System Information page and confirm that hot fix hf53797_61.jar shows in the Java Class Path list.

ColdFusion MX 6.1 - J2EE Configuration ColdFusion MX 6.1 - J2EE Configuration with JRun

Follow the instructions below to install the hot fix for ColdFusion MX 6.1 in the J2EE configuration with a J2EE server including JRun:

  1. Download the hot fix (9K).
  2. Extract hf53797_61.jar from the downloaded ZIP file, into thecf_root/WEB-INF/lib directory.
  3. Change the Context Parametercf.class.path

    in the Deployment Descriptor (cf_root/WEB-INF/web.xml)

    for the Web Application "Macromedia ColdFusion MX" (cfusion.war)



    from:

    ./WEB-INF/cfusion/lib/cfusion.jar



    to:

    ./WEB-INF/lib/hf53797_61.jar,./WEB-INF/cfusion/lib/cfusion.jar



    • Note that the two paths in cf.class.path each start with a period and are separated by a comma.
    • Do not confuse ./WEB-INF/lib (which contains the hot fix jar file) with ./WEB-INF/cfusion/lib (which contains cfusion.jar).
  4. Stop and restart the J2EE server for changes to take effect.
  5. Examine the ColdFusion MX Administrator System Information page and confirm that hot fix hf53797_61.jar shows up in the Version section like 6,1,0 hf53797_61. Note: You will not see this jar in the Java Class Path because the hot fix jar is being loaded in the Coldfusion Class Path.
  6. Repeat steps for each deployed instance of ColdFusion.

About changing the Deployment Descriptor

  • Deployment Descriptor Context Parameters can be changed using the J2EE Administrator Control Panel (WebLogic and JRun) or by using the Application Assembly Tool (Websphere). If your J2EE server does not have such a tool, you must make sure that the Context Parameter change is made for all deployed instances of ColdFusion. It may be necessary to un-deploy CFMX, make the change, then re-deploy CFMX. See your J2EE documentation for other methods.
  • Be sure to Persist (WebLogic) or Save (Websphere) your changes after you change the value for cf.class.path.
  • You will usually need to stop and restart your J2EE server to make these changes effective.

Additional Information

Keywords: tn_19060

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy

Products

Download

Support & Learning

Buy

Company

Choose your region

Copyright © 2013 Adobe Systems Incorporated. All rights reserved.

Terms of Use | Privacy | Cookies

Reviewed by TRUSTe: site privacy statement