I have a ColdFusion 9 application configured on a specific example.com domain and another configured on a subdomain, subdomain.example.com.
In Application.cfc, both applications support session management and host-specific cookies (not domain-specific):
SessionManagement = true;
SetDomainCookies = false;
When using IE, the first visit to example.com will establish a pair of CFIDs; CFTOKEN . But it is known that IE will send these cookies to all subdomains if the DOMAIN cookie attribute is not specified ( Internet Explorer Cookie FAQ, Q3 ).
Unfortunately, this applies to the SESSION area. The following screenshot shows how cookies sent to / from IE do not have a domain attribute:
, subdomain.example.com CFID CFTOKEN ( example.com, subdomain.example.com). ColdFusion , .
, , SESSION CFCOOKIE, , . <cfcookie name="foo" value="bar" domain="#CGI.SERVER_NAME#" />
?
, SESSION?