ddspringle / framework-one-secure-auth

An example fw/1 application with secure single and two-factor (2FA) authentication and session management functions
Apache License 2.0

Setting cookies doesn't work in CommandBox 3.4.0+00517 #3

Closed ddspringle closed 7 years ago

ddspringle commented 7 years ago

getPageContext().getResponse().addHeader("Set-Cookie"...

AND

cfcookie(...)

both fail to set a cookie when using fw1-sa within CommandBox.

I'd previously run into this when building out a project for a client and the only solution I could find, less than ideal, was to use:

cookie.blah = ...

I'll have to see if I can snake some of @bdw429s time to see if there is a better general workaround when using fw/1 under CommandBox for setting cookies w/ all the fixings (domain, path, expires, HTTPOnly, etc.)

bdw429s commented 7 years ago

@ddspringle is there an error at all? What CF engine are you starting? What version of CommandBox?

ddspringle commented 7 years ago

@bdw429s Thanks for reaching back! Further details below:

No error is produced on-screen, console or in the lucee logs, the cookie is simply not sent to the browser.

CommandBox versions tested:

CommandBox 3.2.0+xxx
CommandBox 3.4.0+00517

Lucee versions tested:

Lucee 4.5.4.017 final
Lucee 5.0.0.254
Lucee 5.1.0.34

I've created a new branch of this repo with both types of cookie setting called cookie-test. You'll need an object store cache named 'session_storage' (or change it in App.cfc) set-up and, optionally, the user database table to register/login. Either way, hitting the Login button from the main screen should set a cookie named __secure_auth_id with a zero value on the login page, but it doesn't.

Logging in (with proper creds) looks for that cookie. If I set the cookie with cookie[ application.cookieName ] = 0; in the main.default controller function then it sets the cookie, and thus lets me past that check, but doesn't set the next cookie (during main.authenticate) and so subsequent checks in the security service fail, etc. Turtles all the way down :)

Oh, and you can box install fw1-sa to get the master branch and then git the cookie-test over it - to make this as painless as possible if you want a look. I, admittedly, have not yet had time to do a simpler test case for this. I'll work on that this evening if you don't feel like or have time for this whole rigmarole here :)

Thanks again!

ddspringle commented 7 years ago

@bdw429s This goes back to the Slack conversation we had about cookies in ColdBox with the domain= part of setting a cookie with ports in CommandBox. I was thinking it was a ColdBox issue so I glazed over it (derp). I have a fix in place now. Thanks for getting me thinking deeper about the problem!

bdw429s commented 7 years ago

Hi @ddspringle , are there still issues with CommandBox and setting cookies or are we good now? I just did a quick test and I'm able to set a cookie in CommandBox using the addHeader() method.

ddspringle commented 7 years ago

@bdw429s All good now. It was the port being expressed in domain=#CGI.HTTP_HOST# that was at issue in CommandBox; I've worked around it with domain=#listFirst( CGI.HTTP_HOST, ':' )#.
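
The root cause above is that an RFC 6265 Domain attribute is a host name only; cookie scope has no notion of ports, so a browser silently drops a Set-Cookie whose Domain is "localhost:8080" (what CGI.HTTP_HOST holds under CommandBox). The following is an added CFML example, not code from the fw1-sa repository, showing the port stripped before the header is built, together with the other attributes the issue lists (path, expires, HttpOnly). The component, function names, the Max-Age default and the SameSite=Lax attribute are assumptions chosen for illustration:

```cfml
// Added example (not from fw1-sa): build a Set-Cookie header whose Domain
// attribute never carries the ":port" suffix that CGI.HTTP_HOST includes
// when running under CommandBox (e.g. "localhost:8080").
component {

    // Returns the host part of an HTTP Host header value without any port.
    // listFirst( host, ":" ) alone breaks IPv6 literals such as "[::1]:8080",
    // so those are handled by cutting at the closing bracket instead.
    public string function cookieDomain( required string httpHost ) {
        if ( left( arguments.httpHost, 1 ) == "[" ) {
            return listFirst( arguments.httpHost, "]" ) & "]";
        }
        return listFirst( arguments.httpHost, ":" );
    }

    // Builds the Set-Cookie value with the hardening attributes from the issue
    // (Domain, Path, expiry, HttpOnly) plus Secure and SameSite. Max-Age is used
    // for expiry because it needs no date formatting. Omitting Domain entirely
    // gives a host-only cookie, which is tighter; keep Domain only when the
    // cookie must be shared across subdomains.
    public string function buildSetCookie(
        required string name,
        required string value,
        required string httpHost,
        string path = "/",
        numeric maxAgeSeconds = 1800,
        boolean secure = true
    ) {
        var parts = [ arguments.name & "=" & urlEncodedFormat( arguments.value ) ];
        arrayAppend( parts, "Domain=" & cookieDomain( arguments.httpHost ) );
        arrayAppend( parts, "Path=" & arguments.path );
        arrayAppend( parts, "Max-Age=" & arguments.maxAgeSeconds );
        arrayAppend( parts, "HttpOnly" );
        if ( arguments.secure ) {
            arrayAppend( parts, "Secure" );
        }
        arrayAppend( parts, "SameSite=Lax" );
        return arrayToList( parts, "; " );
    }

    // Sends the cookie through the same addHeader() route the issue tested,
    // e.g. sendCookie( "__secure_auth_id", "0" ) from a controller function.
    public void function sendCookie( required string name, required string value ) {
        getPageContext().getResponse().addHeader(
            "Set-Cookie",
            buildSetCookie( arguments.name, arguments.value, CGI.HTTP_HOST )
        );
    }
}
```

With httpHost "localhost:8080" the header reads `__secure_auth_id=0; Domain=localhost; Path=/; Max-Age=1800; HttpOnly; Secure; SameSite=Lax`. Note that Secure means the browser will not store the cookie over plain http://, so for a local CommandBox server without TLS pass secure=false or start the server with SSL enabled; leaving Secure off in production would expose the session cookie on any plaintext request.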

bdw429s commented 7 years ago

Excellent, good to hear you're on your way!