CFCOOKIE  
Description

Defines web browser cookie variables, including expiration and security options.

 
Category

Forms tags, Variable manipulation tags

 
Syntax
    <cfcookie 
   name = "cookie_name"
   value = "text"
   expires = "period"
   secure = "Yes" or "No"
   path = "url"
   domain = ".domain">

  
 
See also

cfdump, cfparam, cfregistry, cfsavecontent, cfschedule, cfset

 
Usage

If this tag specifies that a cookie is to be saved beyond the current browser session, ColdFusion writes or updates the cookie to the cookies.txt file. Until the browser is closed, the cookie resides in memory. If the expires attribute is not specified, the cookie is written to the cookies.txt file.

If you use this tag after the cfflush tag on a page, ColdFusion throws an error.

To set cookies and execute a redirect in the same page, use the cfheader tag to specify the new target URL; for example:

<cfheader name="location" value="OtherPage.cfm?foo=bar">
<cfheader statusCode="302" statusText="Document Moved">
<cfabort>

You can use dots in names within the cookie and client variable scopes, as the following examples show:

<cfcookie name="person.name" value="wilson, john">
<cfset cookie.person.lastname="Santiago">
<cfcookie name="a.b.c" value="a value">
<cfset client.foo.bar="a_value">
Caution: Do not set a cookie variable on the same page on which you use the cflocation tag. If you do, the cookie is never saved on the browser.
 
Example
<!--- This example shows how to set/delete a cfcookie variable --->
<!--- Select users who have entered comments into sample database --->
<cfquery name = "GetAolUser" dataSource = "cfsnippets">
   SELECT EMail, FromUser, Subject, Posted
   FROM  Comments
</cfquery>
<html>
<body>
<h3>cfcookie Example</h3>
<!--- if the URL variable delcookie exists, set cookie expiration date to NOW --->
<cfif IsDefined("url.delcookie") is True>
   <cfcookie name = "TimeVisited"
   value = "#Now()#"
   expires = "NOW">      
<cfelse>
<!--- Otherwise, loop through list of visitors; stop when you match 
the string aol.com in a visitor's e-mail address --->
<cfloop query = "GetAolUser">
   <cfif FindNoCase("aol.com", Email, 1) is not 0>
      <cfcookie name = "LastAOLVisitor"
      value = "#Email#"
      expires = "NOW" >      
   </cfif>
</cfloop>
<!--- If the timeVisited cookie is not set, set a value --->
   <cfif IsDefined("Cookie.TimeVisited") is False>
      <cfcookie name = "TimeVisited"
      value = "#Now()#"
      expires = "10">
   </cfif>
</cfif>
<!--- show the most recent cookie set --->
<cfif IsDefined("Cookie.LastAOLVisitor") is "True">
   <p>The last AOL visitor to view this site was
   <cfoutput>#Cookie.LastAOLVisitor#</cfoutput>, on
   <cfoutput>#DateFormat(COOKIE.TimeVisited)#</cfoutput>
<!--- use this link to reset the cookies --->
<p><a href = "cfcookie.cfm?delcookie = yes">Hide my tracks</A>
<cfelse>
   <p>No AOL Visitors have viewed the site lately.
</cfif>
NAME  
  Required
 

Name of cookie variable.

VALUE  
  Optional
 

Value to assign to cookie variable.

EXPIRES  
  Optional
 
Default value: "now"

Expiration of cookie variable.

  • A date (for example, 10/09/97)
  • A number of days (for example, 10, or 100)
  • now: deletes cookie from client cookie.txt file
  • never: never deletes cookie from client; writes cookie data to cookie.txt file
SECURE  
  Optional
 

If browser does not support Secure Sockets Layer (SSL) security, cookie is not sent.

  • Yes: variable must be transmitted securely
  • No
PATH  
  Optional
 

URL, within a domain to which the cookie applies.

path = "/services/login"

To specify multiple URLs, use multiple cfcookie tags.

If you specify path, you must also specify domain.

DOMAIN  
  Required if path attribute is specified
 

Domain in which cookie is valid and to which cookie content can be sent. Must start with a period. If the value is a subdomain, the valid domain is: all domain names that end with this string. The cookie is set securely only if the page in which the cookie is used is referenced using the https:// protocol.

For a domain value that ends in a country code, the specification must contain at least three periods; for example, "mongo.state.us". For special top-level domains, two periods are required; for example, ".mgm.com".

You cannot use an IP address as a domain.