View comments | RSS feed
CFML Reference Previous Up One Level Next
ColdFusion Tags


cfcookie

Description

Defines web browser cookie variables, including expiration and security options.

Category

Forms tags, Variable manipulation tags

Syntax 

<cfcookie 
  name = "cookie_name"
  value = "text"
  expires = "period"
  secure = "Yes" or "No"
  path = "url"
  domain = ".domain">

See also

cfdump, cfparam, cfregistry, cfsavecontent, cfschedule, cfset

Attributes

Attribute Req/Opt Default Description
name
 Required
Name of cookie variable.
value
 Optional
Value to assign to cookie variable.
expires
 Optional
 now
 Expiration of cookie variable.
  • A date (for example, 10/09/97)
  • A number of days (for example, 10, or 100)
  • now: deletes cookie from client cookie.txt file
  • never: never deletes cookie from client; writes cookie data to cookie.txt file
secure
 Optional
If browser does not support Secure Sockets Layer (SSL) security, cookie is not sent.
  • Yes: variable must be transmitted securely
  • No
path
 Optional
URL, within a domain to which the cookie applies.
path = "/services/login"
To specify multiple URLs, use multiple cfcookie tags.
If you specify path, you must also specify domain.
domain
 Required if path attribute is specified
Domain in which cookie is valid and to which cookie content can be sent. Must start with a period. If the value is a subdomain, the valid domain is: all domain names that end with this string. The cookie is set securely only if the page in which the cookie is used is referenced using the https:// protocol.
For a domain value that ends in a country code, the specification must contain at least three periods; for example, "mongo.state.us". For special top-level domains, two periods are required; for example, ".mgm.com".
You cannot use an IP address as a domain.

Usage

If this tag specifies that a cookie is to be saved beyond the current browser session, ColdFusion writes or updates the cookie to the cookies.txt file. Until the browser is closed, the cookie resides in memory. If the expires attribute is not specified, the cookie is written to the cookies.txt file.

If you use this tag after the cfflush tag on a page, ColdFusion throws an error.

To set cookies and execute a redirect in the same page, use the cfheader tag to specify the new target URL; for example: 

<cfheader name="location" value="OtherPage.cfm?foo=bar">
<cfheader statusCode="302" statusText="Document Moved">
<cfabort>

You can use dots in names within the cookie and client variable scopes, as the following examples show: 

<cfcookie name="person.name" value="wilson, john">
<cfset cookie.person.lastname="Santiago">
<cfcookie name="a.b.c" value="a value">
<cfset client.foo.bar="a_value">

Caution:   Do not set a cookie variable on the same page on which you use the cflocation tag. If you do, the cookie is never saved on the browser.

Example 

<!--- This example shows how to set/delete a cfcookie variable --->
<!--- Select users who have entered comments into sample database --->
<cfquery name = "GetAolUser" dataSource = "cfsnippets">
  SELECT EMail, FromUser, Subject, Posted
  FROM  Comments
</cfquery>
<html>
<body>
<h3>cfcookie Example</h3>
<!--- if the URL variable delcookie exists, set cookie expiration date to NOW --->
<cfif IsDefined("url.delcookie") is True>
  <cfcookie name = "TimeVisited"
  value = "#Now()#"
  expires = "NOW">    
<cfelse>
<!--- Otherwise, loop through list of visitors; stop when you match 
the string aol.com in a visitor's e-mail address --->
<cfloop query = "GetAolUser">
  <cfif FindNoCase("aol.com", Email, 1) is not 0>
    <cfcookie name = "LastAOLVisitor"
    value = "#Email#"
    expires = "NOW" >    
  </cfif>
</cfloop>
<!--- If the timeVisited cookie is not set, set a value --->
  <cfif IsDefined("Cookie.TimeVisited") is False>
    <cfcookie name = "TimeVisited"
    value = "#Now()#"
    expires = "10">
  </cfif>
</cfif>
<!--- show the most recent cookie set --->
<cfif IsDefined("Cookie.LastAOLVisitor") is "True">
  <p>The last AOL visitor to view this site was
  <cfoutput>#Cookie.LastAOLVisitor#</cfoutput>, on
  <cfoutput>#DateFormat(COOKIE.TimeVisited)#</cfoutput>
<!--- use this link to reset the cookies --->
<p><a href = "cfcookie.cfm?delcookie = yes">Hide my tracks</A>
<cfelse>
  <p>No AOL Visitors have viewed the site lately.
</cfif>
Previous Up Next

ColdFusion 9 | ColdFusion 8 | ColdFusion MX 7 | ColdFusion MX 6.1 | ColdFusion MX | Forums | Developer Center | Bug Reporting

Version 6

Comments are no longer accepted for ColdFusion MX. ColdFusion 8 is the current version.

Comments


anandasim said on Jun 23, 2002 at 9:38 PM :
cfcookie documentation is very sparse about how to retrieve the cookie value.

Had to read over and over again and then see that the cookie valie is Cookie.var1

h2oman said on Jun 27, 2002 at 5:26 PM :
use the following cookies to force sessions to expire a session @ browser close, instead of letting the cookies persist for the length of the session timeout.
<cfcookie name="CFID" value="#Session.CFID#">
<cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
ctina said on Jul 11, 2002 at 8:14 PM :
Update from Macromedia: The CFCOOKIE EXPIRES = "NEVER" option causes the cookie to expire 30 years after the current date.
ctina said on Jul 19, 2002 at 7:19 PM :
Update from Macromedia, in response to anandasim, re cfcookie, getting a cokie value: thanks for your comment. We'll update the documentation to include more information.
sgilson102 said on Aug 12, 2002 at 9:26 PM :
Macromedia Update:

The documentation incorrectly states that creating a new cookie using cfcookie on the same page you use cflocation would result in the cookie not being created. The cookie will be created.

Stephen M. Gilson
Macromedia
wickedXen said on Jan 13, 2003 at 3:20 AM :
Mr. Gilson...
All other Macromedia Documentation dictates that it isn't set, and so does experience. <cfheader> is suggested for a good reason. :)

wickedXen
cfDev since dateformat(dateAdd("yyyy", -7, now()),"yyyy");
wickedXen said on Jan 13, 2003 at 3:24 AM :
oh... and BTW... I thought this documentation was gonna be updated... I'd like to see some examples and expanded discussion on the path and domain attributes and their effects. It would be even better if the docs in dwmx were atleast as complete as these... maybe even a livedox xml feed to dwmx 6.2? Oops sorry... This should be requested elsewhere. Sorry ;)

wickedXen
spage-mm said on May 2, 2003 at 2:53 AM :
Couple of things I've noticed:

1. <cfcookie> always creates an uppercase cookie name. CF is case-insensitive so if you set and read cookies only in CF you'll never notice. But if other server code sets a lower- or mixed-case cookie, CF's Cookie scope will only report one of the values, and you can't update the lowercase cookie from CFMX unless you use <cfheader name="Set-Cookie" ...>

2. If other code sets a cookie to a value with a comma in it and doesn't URL-encode it, CF gets very confused and only returns the part of the value in front of the comma. According to Netscape's original vague cookie spec you shouldn't have funny characters like commas in the cookie name-value pair, but not everyone obeys the spec. CF encodes and decodes funny characters in cookies that it sets and read.
No screen name said on Aug 4, 2004 at 12:22 PM :
The documentation never tells you how to change the value of a cookie, leaving it for everyone to figure out; here's how i finally figured it.

<cfset username="steve2" >
<cfif isDefined("cookie.rczqrz") >
<cfset cookie.rczqrz = username >
</cfif>
sdwebguy99 said on Oct 29, 2004 at 4:09 PM :
Something I have noticed. I use CFCOOKIE to set the cookie with an expires date of 20 years. Later in my app, I update the value of the cookie by using CFSET COOKIE.COOKIENAME = VALUE. Because I have cookie notification turned on, I see that the expires date of the new cookie is end of session. We are running CFMX 6.1 (no updater). Is this a known issue?
istvanb said on Jan 22, 2006 at 8:11 PM :
In addition to sdwebguy99's comment:
I set a cookie (with cfcookie) originally with the domain defined as "domain.com" - without "www.", so it works accross subdomains - but after trying to alter the cookie's value using cfset,instead of modifying the existing cookie, a new cookie was created with the same name, but with the domain "www.domain.com". (This is on CFMX 6.1)

 

RSS feed | Send me an e-mail when comments are added to this page | Comment Report

Current page: http://livedocs.adobe.com/coldfusion/6/CFML_Reference/Tags-pt119.htm