tracker issue : CF-4199524

select a category, or use search below
(searches all categories and all time range)

session data between sub domains

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/Workaround

Reporter/Name(from Bugbase): branden johnson / branden johnson ()

Created: 08/22/2017

Components: Core Runtime, Session Management

Versions: 2016,11.0,2018

Failure Type: Incorrectly functioning

Found In Build/Fixed In Build: 2016.0.01.298513 /

Priority/Frequency: Normal / All users will encounter

Locale/System: ALL / Core

Vote Count: 0

i need to maintain session data between sub domains

you can do this easy by setting:

works perfectly because the cfid and cftoken cookies domain is set to "" instead of ""

here is the problem. we are using J2EE sessions.

so the cookie that we need to have its sub domain blank is the JSESSIONID

this cookie is not set to "" it remains ""

here is the workaround code i am using:
setclientcookies = no

then add this

<cffunction name="onSessionStart" returnType="void" output="false">

<cfcookie name="JSESSIONID" value="#session.sessionid#" domain="" httponly = "yes" encodeValue="false">


then do your regular onrequeststart stuff

this is just overriding the built in cookie stuff. the best option is still a setting change in the guts of coldfusion i think.



Hi Branden, Can you specify on which update level you are. Thanks!
Comment by S P.
398 | December 14, 2017 06:45:53 AM GMT
Hi Branden, Can you specify on which update level you are. Also, do let us know if you see the issue on the latest update. Thanks!
Comment by S P.
27264 | April 02, 2018 04:10:54 AM GMT
Hi Branden,  Wrt the above bug, could you confirm if you still see the issue and which update level you are on. Also, are you hitting it with the latest update?  Also could you tell me if there are any explicit setting that you are doing and also what the settings are under Memory variables in CF admin.  Thanks!
Comment by S P.
29671 | September 07, 2018 04:31:32 AM GMT
the issue is still there, but I have switched my site to full-time https so it is no longer necessary for me to have to jump subdomains. Version 2016.0.03.301771 Adobe Driver Version 5.1.4 (Build 0001) Java Version 1.8.0_112 Use J2EE session variables Enable Application Variables Enable Session Variables Session Storage in mem HTTPOnly
Comment by branden j.
29673 | September 07, 2018 01:42:03 PM GMT
When using J2EE session variables and want to share the cookie with sub-domains the domain needs to be added to the web.xml. It should be prefixed with dot and the sub-domain name.   <cookie-config> <domain></domain> </cookie-config>   Add the above xml element under <session-config> in web.xml.
Comment by S V.
30740 | May 13, 2019 09:25:45 AM GMT