问题描述

CFMX 8 Enterprise

我已打开内存变量下的使用J2EE会话变量设置，因为安全要求声明持久性Cookie不能使用。

I have turned on the "Use J2EE session variables" setting under Memory Variables because security requirements state that persistent cookies cannot be used.

我知道打开此设置会告诉CF只创建和使用JSESSIONID会话cookie。

I understood that turning this setting on will tell CF to only create and use a "JSESSIONID" session cookie.

但是，我的服务器仍然显示创建并使用旧版CFID和CFTOKENCookie，到期日期为三十年。

However, my server still appears to be creating and using the old-style "CFID" and "CFTOKEN" cookies with expiration dates thirty years hence.

现在，显然，我可以在我的Application.cfc中使用CFCOOKIE操作CFID和CFTOKEN的旧技巧来删除到期日期，但这是我需要添加到我的所有应用程序。

Now, obviously, I can do the old trick of manipulating CFID and CFTOKEN with CFCOOKIE in my Application.cfc to remove the expiration date, but that's something I'd need to add to all of my applications.

它是简单的重新启动ColdFusion服务吗？一个错误？

Is it as simple as a restart of the ColdFusion service? A bug? Or am I just misunderstanding the setting?

推荐答案

从在线KB数据库：

所以生成CFID和CFTOKEN，但忽略。

So CFID and CFTOKEN are generated, but ignored.

这篇关于无法关闭CFMX 8中的持续跟踪Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！