tracker issue : CF-4189738

select a category, or use search below
(searches all categories and all time range)

Session information in AJAX call

| View in Tracker

Status/Resolution/Reason: To Test//NeedMoreInfo

Reporter/Name(from Bugbase): Jay Kirk / Jay Kirk (Jay Kirk)

Created: 09/15/2016

Components: AJAX

Versions: 2016,11.0,2018

Failure Type:

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Major / All users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 0

Problem Description: We have users who do not allow cookies.  When we make an ajax call, their session is not maintained.

Steps to Reproduce:  Disable cookies in your browser.  Create a coldfusion session.  Make an AJAX request which references the session.

Actual Result:Session is not maintained.

Expected Result:Session information should be available.

Any Workarounds: In the "cfajax.js" file (\cfusion\wwwroot\CFIDE\scripts\ajax\package), we found the issue and corrected with a few lines of code.  The problem is anytime we perform a CF update, we need to change these lines again.  See the note below.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4189738

Reason:	BugVerified

External Customer Info:
External Company:  
External Customer Name: Jay Kirk
External Customer Email:  
External Test Config: My Hardware and Environment details: Window 10 64bit, SQL, IIS 10, CF 11


  1. October 05, 2016 00:00:00:
  2. June 01, 2017 00:00:00: cfajax.js


/* start change 1 */ var _2a5=""; if (typeof urlToken === 'undefined') { _2a5="method="+_29e+"&_cf_ajaxproxytoken="+_29f; } else { _2a5="method="+_29e+urlToken+"&_cf_ajaxproxytoken="+_29f; } /* end change 1 */ var _3b1="_cf_nodebug=true&_cf_nocache=true"; if(window._cf_clientid){ _3b1+="&_cf_clientid="+_cf_clientid; } /* start change 2 */ if (!(typeof urlToken === 'undefined')) { _3b1+=ulrToken; } /* end change 2 */
Comment by External U.
1809 | September 15, 2016 02:09:44 PM GMT
Hi Jay Could you share a snippet of the code with which you are facing this issue. Thanks!
Comment by S P.
1810 | September 27, 2016 02:35:28 AM GMT
Look in the comment below. Hw put the snippets there.
Comment by External U.
1811 | September 27, 2016 08:29:29 AM GMT
Hi S. Preethi, If you'd like, I can attach the full file with our changes in addition to the previously included snippets. Please let me know. Thanks, Jay
Comment by External U.
1812 | September 27, 2016 10:24:57 AM GMT
Hi Jay, I was requesting for the cfml code making the ajax request that is causing this issue for you, when there is no change made to the js file. That would be helpful to repro the issue. Thanks, Preethi
Comment by S P.
1813 | October 03, 2016 12:46:15 AM GMT
Hi Preethi, It is difficult to give you our exact code because we have many files and calls to try to port over. Basically, you just need to disable cookies in your browser, create a coldfusion session, and make an AJAX request to a function which references the session vars. If you prefer me to create simple code to repro this issue, I will. Thanks, Jay
Comment by External U.
1814 | October 03, 2016 10:11:18 AM GMT
Hi Jay, That would be really helpful, because I tried to repro this with some simple code making the ajax request which in turn call the 'cfajax.js' file. But I did not hit this issue. So, if you could share a simpler version of your code, it would be helpful. Thanks!
Comment by S P.
1815 | October 04, 2016 12:53:46 AM GMT
No problem. I'll work on it today and get back to you! Thanks, Jay
Comment by External U.
1816 | October 04, 2016 09:57:52 AM GMT
Hi Preethi, I've attached a zip file with 3 coldfusion files. Navigate to /ajaxTest.cfm When cookies are turned off, the page will alert "Server var is not defined". If cookies are enabled, the file will alert true. (It took me a little while to get cookies completely disabled.) Notice in the AJAX call that I'm referencing a session variable that is defined on /ajaxTest.cfm Please let me know if you have any questions. Thanks, Jay
Comment by External U.
1817 | October 04, 2016 01:39:04 PM GMT
Hi Preethi, I was just wondering if you needed anything else? Thanks, Jay
Comment by External U.
1818 | November 01, 2016 11:58:27 AM GMT
Hi Jay, Thank you so much for your response, we have been able to repro the issue and are looking at fixing it. Regards, Preethi
Comment by S P.
1819 | November 03, 2016 12:55:15 AM GMT
Comment by External U.
1820 | November 03, 2016 08:27:15 AM GMT
Hi S Preethi, I was curious about the status of this bug fix? We would like to update our CF instance with the fix. Thanks, Jay
Comment by Jay K.
1821 | December 21, 2016 04:49:35 PM GMT
Hi, I was curious about the status of this bug fix? We would like to update our CF instance with the fix. Thanks, Jay
Comment by Jay K.
1822 | February 22, 2017 05:04:00 PM GMT
Hi Jay, Please do provide us with the following details: *Can you provide the full file content with your changes in it (cfajax.js) *Also, can you provide the detail as to until which version/update it was working and from which version/update it stopped working. Thanks!
Comment by S P.
1823 | June 01, 2017 10:31:39 AM GMT
Hi Preethi, *I have attached the requested file. *We are currently on ColdFusion 11 Update 9. I don't know exactly when it stopped working, but it's been at least a few years. If you'd like, we can upgrade to the latest version and make the changes again. Thanks, Jay
Comment by Jay K.
1824 | June 01, 2017 02:17:26 PM GMT
Hi Jay, thank you for providing us with the requested details!
Comment by S P.
1825 | June 02, 2017 09:29:04 AM GMT
Hi Preethi, I was just following up to check on the status of this fix? Also, I recently updated my development environment to CF 2016 and noticed the issue still exists there as well. Thanks, Jay
Comment by Jay K.
1826 | November 09, 2017 03:18:18 PM GMT
Hi Jay, Looks like the file you have shared does not contain the changes you were suggesting. Could you please share that. Thanks!
Comment by S P.
1827 | January 24, 2018 05:39:27 AM GMT
Hi Jay, Please do share with us the file with the changes you had suggested. Thanks!
Comment by S P.
27266 | April 02, 2018 04:07:05 AM GMT
Hi Jay, Please do share with us the file with the changes you had suggested. I don't see any Updated Files Thanks
Comment by Manas M.
30015 | December 06, 2018 12:10:37 PM GMT
Hi Manas, Let me see if I can answer the question for Jay. I see he said CF11u9 cfajax.js. So, I checked a test machine and found a CF11u7 install. Pretty close. I ctrl+f CF11u7's cfajax.js for both "&_cf_ajaxproxytoken=" and "var _3b1" and found the sections Jay refers to in his 09/15/2016 14:09:44 GMT comment. So I've attached that cfajax.js as "cfajax_11.0.07.296330.js" Then I applied his changes, from his 09/15/2016 14:09:44 GMT comment, and attached the updated cfajax.js as "cfajax_11.0.07.296330_fixed.js ". Note: When I ctrl+f for "="&_cf_clientid="+_cf_clientid;", I see 2 occurrences. So, possibly his 2nd change needs to be applied at both of those occurrences? Question: If you're fixing CF11 could you also fix CF2016 and CF2018? Thanks!, -Aaron
Comment by Aaron N.
30021 | December 07, 2018 05:38:59 AM GMT
As per our Dev: "Jay's code change suggests to add urlToken variable which has not been defined anywhere. Neither does CF code generate this variable in the generated JS code." This looks like 'NotABug'. Will wait for a week to allow user to get back on this before withdrawing the bug.       
Comment by Nitin K.
30775 | May 20, 2019 09:53:31 AM GMT
In my test case, the session is still dropped when an AJAX call is made. Maybe my fix isn't the best fix, but it works for us. This is definitely a bug... Here is a line of code that we include in the header. var urlToken="<cfif IsDefined("session.urlToken")>&<cfoutput>#session.urlToken#</cfoutput></cfif>";
Comment by Jay K.
30778 | May 20, 2019 04:11:38 PM GMT