View comments | RSS feed
Contents > CFML Reference > ColdFusion Tags > cfcookie PreviousNext

cfcookie

Defines web browser cookie variables, including expiration and security options.

Forms tags, Variable manipulation tags 

<cfcookie 
   name = "cookie_name"
   value = "text"
   expires = "period"
   secure = "Yes" or "No"
   path = "url"
   domain = ".domain">

cfdump, cfparam, cfregistry, cfsavecontent, cfschedule, cfset

ColdFusion MX 6.1:

Attribute

Req/Opt

Default

Description

name

Required

 

Name of cookie variable. ColdFusion converts cookie names to all-uppercase. Cookie names set using this tag can include any printable ASCII characters except commas, semicolons or white space characters.

value

Optional

 

Value to assign to cookie variable. Must be a string or variable that can be stored as a string.

expires

Optional

 

Expiration of cookie variable.

  • The default: the cookie expires when the user closes the browser, that is, the cookie is "session only".
  • A date or date/time object (for example, 10/09/97)
  • A number of days (for example, 10, or 100)
  • now: deletes cookie from client cookie.txt file (but does not delete the corresponding variable the Cookie scope of the active page).
  • never: The cookie expires in 30 years from the time it was created (effectively never in web years).

secure

Optional

 

If browser does not support Secure Sockets Layer (SSL) security, the cookie is not sent. To use the cookie, the page must be accessed using the https protocol.

  • Yes: variable must be transmitted securely
  • No

path

Optional

 

URL, within a domain, to which the cookie applies; typically a directory. Only pages in this path can use the cookie. By default, all pages on the server that set the cookie can access the cookie.

path = "/services/login"

To specify multiple URLs, use multiple cfcookie tags.

If you specify path, you must also specify domain.

domain

Required if path attribute is specified.
Optional otherwise

 

Domain in which cookie is valid and to which cookie content can be sent from the user's system. By default, the cookie is only available to the server that set it. Use this attribute to make the cookie available to other servers.

Must start with a period. If the value is a subdomain, the valid domain is all domain names that end with this string. This attribute sets the available subdomains on the site upon which the cookie can be used.

For a domain value that ends in a country code, the specification must contain at least three periods; for example, ".mongo.state.us". For top-level domains, two periods are required; for example, ".mgm.com".

You cannot use an IP address as a domain.

If this tag specifies that a cookie is to be saved beyond the current browser session, the client browser writes or updates the cookie in its local cookies file. Until the browser is closed, the cookie resides in browser memory. If the expires attribute is not specified, the cookie is not written to the browser cookies file.

If you use this tag after the cfflush tag on a page, ColdFusion does not send the cookie to the browser; however, the value you set is available to ColdFusion in the Cookie scope during the browser session.

Note: You can also create a cookie that expires when the current browser session expires by using the cfset tag or a CFScript assignment statement to set a variable in the Cookie scope, as in <cfset Cookie.mycookie="sugar">. To get a cookie's value, refer to the cookie name in the Cookie scope, as in <cfif Cookie.mycookie="oatmeal">.

You can use dots in cookie names, as the following examples show: 

<cfcookie name="person.name" value="wilson, john">
<cfset cookie.person.lastname="Santiago">

To access cookies, including cookies that you set and all cookies that are sent by the client, use the Cookie scope. For example, to display the value of the person.name cookie set in the preceding code, use the following line:

<cfoutput>#cookie.person.name#</cfoutput>


<!--- This example shows how to set/delete a cfcookie variable --->
<!--- Select users who have entered comments into sample database --->
<cfquery name = "GetAolUser" dataSource = "cfsnippets">
   SELECT EMail, FromUser, Subject, Posted
   FROM Comments
</cfquery>
<html>
<body>
<h3>cfcookie Example</h3>
<!--- if the URL variable delcookie exists, set cookie expiration date to NOW --->
<cfif IsDefined("url.delcookie") is True>
   <cfcookie name = "TimeVisited"
   value = "#Now()#"
   expires = "NOW">      
<cfelse>
<!--- Otherwise, loop through list of visitors; stop when you match 
the string aol.com in a visitor's e-mail address --->
<cfloop query = "GetAolUser">
   <cfif FindNoCase("aol.com", Email, 1) is not 0>
      <cfcookie name = "LastAOLVisitor"
      value = "#Email#"
      expires = "NOW" >      
   </cfif>
</cfloop>
<!--- If the timeVisited cookie is not set, set a value --->
   <cfif IsDefined("Cookie.TimeVisited") is False>
      <cfcookie name = "TimeVisited"
      value = "#Now()#"
      expires = "10">
   </cfif>
</cfif>
<!--- show the most recent cookie set --->
<cfif IsDefined("Cookie.LastAOLVisitor") is "True">
   <p>The last AOL visitor to view this site was
   <cfoutput>#Cookie.LastAOLVisitor#</cfoutput>, on
   <cfoutput>#DateFormat(COOKIE.TimeVisited)#</cfoutput>
<!--- use this link to reset the cookies --->
<p><a href = "cfcookie.cfm?delcookie = yes">Hide my tracks</A>
<cfelse>
   <p>No AOL Visitors have viewed the site lately.
</cfif>
Contents > CFML Reference > ColdFusion Tags > cfcookie PreviousNext

ColdFusion 8 | ColdFusion MX 7 | ColdFusion MX 6.1 | ColdFusion MX | Forums | Developer Center | Bug Reporting

Version 6.1

Comments are no longer accepted for ColdFusion MX 6.1. ColdFusion 8 is the current version.

Comments


No screen name said on Nov 30, 2004 at 9:45 AM :
I am unable to get the expiration parameter to work with anything but a number of days (i.e. expires="1"). I need the cookie to expire 4 hours from the time it is created. I have tried both creating a datetime object at runtime and hardcoding a date/time (i.e. 12-01-2004 00:00:00). In both cases the cookie is created but expires as soon as the browser is closed.
MarkZet said on Dec 2, 2004 at 1:05 AM :
Our intranet server is accessed through its netbios name, which does not contain two dots (the minimum amount that is required by Internet Explorer when setting a domain cookie). Therefore, we cannot set a cookie for the intranet with a path using the CFCOOKIE tag.
A workaround for this issue:
<CFHEADER
name="Set-Cookie"
value="COOKIENAME=val;path=/test/;expires=#GetHttpTimeString(dExpiryDate)#">

Why is it that the domain is necessary when specifying a path?
halL said on Dec 3, 2004 at 12:02 PM :
The ColdFusion cfcookie tag conforms to the requirements of the Netscape cookie specification, which requires a domain name and specifies that the domain name have at least two or three periods.
For the cookie specification, see http://wp.netscape.com/newsref/std/cookie_spec.html.
monochrome_jason said on Dec 8, 2004 at 2:37 AM :
>> <cfif Cookie.mycookie="oatmeal">
erm thats going to throw an error

<cfif Cookie.mycookie eq "oatmeal">
or
<cfif not comparenocase(Cookie.mycookie, "oatmeal")>
vadtec said on Jan 16, 2005 at 7:13 PM :
These LiveDocs should really include information on variable naming on *nix OSes. For instance, is it COOKIE.whatever, cookie.whatever, Cookie.whatever, or is it cOoKiE.whatever? For *nix OSes, this is usually a big deal, because they are case-sensetive. Winblows could care less (but then again Winblows sucks) but unfortunately MicroShaft has the market for ColdFusion "ease-of-use". If there is a *nix version of these LiveDocs, please tell me where it is and re-organize macromedia.com to be more friendly to the *nix community. Don't just offer a *nix version and then have nothing but Winblows documentaion (for the most part).
xigarete said on Feb 23, 2005 at 5:59 PM :
1) CF filenames are case sensitive in *nix, but almost nothing else is

2) There should be a way to explicitly set a cookie to session (instead of implicitly by not setting that variable) You'd want to do this if you were writing a flexible function that used this and might set session and nonsession cookies.
ptyng said on May 4, 2005 at 12:20 PM :
There is nothing in that spec about requiring domain when a path is required or leading periods. They even give examples with paths and no domain specified. Perhaps Macromedia needs to re-read the spec and conform to it in addition to just saying they do.
marnen said on Feb 16, 2006 at 7:57 AM :
Actually, the spec *does* specify that many periods. Quote:
> Only hosts within the specified domain can set a cookie for a domain and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". <

 

RSS feed | Send me an e-mail when comments are added to this page | Comment Report

Current page: http://livedocs.adobe.com/coldfusion/6.1/htmldocs/tags-a18.htm