[butchart]

I have an application where the administrators have to log in. If they pass the log in test I set a client variable with

<cfset client.pass=1>

. I test this variable in every template in the admin's directory. If the client variable is defined they don't have to log in. It's always worked that way for me. However today I was informed (after two years) that one of the administrators has to log in every time. Why would that be?

I have clientmanagement="yes" and setclientcookies="yes" in the application.cfm. I have no browser cookie called "pass" on my machine so I assume the variable is store on the server's registry.

[Craig328]

Hi and welcome to DIC butchart!

The most obvious reason why a user's client variables aren't working is because their browser doesn't allow the setting of cookies by your application. This is kind of an old issue that was much more common 5+ years ago and nowadays you don't see many people so paranoid as to block cookies from being set on their browsers.

In CF, there are two main cookies that are set for each session (which the client scope uses): CFID and CFTOKEN. Occasionally you'll see them appended to the address as URL variables. Typically that happens when the users has blocked cookies being set on their browser (and assuming you've configured your application properly to use them). When CF sets a client variable which are held server side, CF needs some way to tell which user's client struct is which. They do this by referencing the CFID and CFTOKEN values set on the user's machine for that session. However, if the user blocks cookies there is no CFID or CFTOKEN so CF attempts to set new values for each and any information (like "pass") is lost to that new session.

Have your user set their browser to allow cookies from your app's domain and you should be good to go. If they're not willing to do that, there are ways to use the client state without the user allowing cookies.

Good luck!