May 1, 2014

Cookies : setDomainCookies Funda

All knows what setDomainCookies does.
If not Please revisit "setDomainCookies  Used to set CFID and CFTOKEN cookies for a domain (not just a host) ". and generally we use to set it as false always.

I faced real time problem in my Application few days back.
We create multiple websites through single Applications, Hosted with different domains.

The issue was here:
Let's say we have 2 different websites altogether.
Named as
1. shamRealty.indiatimes.com
2. kasleRealty.indiatimes.com

The problem was when you open shamRealty.indiatimes.com and on another tab kasleRealty.indiatimes.com.
kasleRealty websites show same content of shamRealty.
More simple way: you have open Google.com in one tab and then opened Facebook in another tab, facebook.com opens with google page in it.
Weird right ?

I thought this might be some IIS related Issue, but once I clear my browser cookie/cache. Issue was not reproducible.

I start looking into Cookie assignment and found this:
CFID and CFTOKEN was generating twice in website
one for
shamRealty.indiatimes.com (CFID:2313, CFTOKEN:234124)
and one for
.indiatimes.com (CFID:23412 , CFTOKEN:345435)

These give us a hint that why domain specific CFID/CFTOKEN is generating.
We start Looking into Application Level settings and found that by mistake we have enabled setDomainCookies to true.

Funda : Don't enable setDomainCookies to true until your application is not running in Clustered Environment because If CFID and CFToken variable combinations already exist on each host in the cluster, ColdFusion migrates the host-level variables on each cluster member to the single, common domain-level variable.
source - Adobe

So we have turned off setDomainCookies and Issue was solved.
Hope it may help