Skip to main content
G
GuyMcMickle
Inspiring
June 1, 2013
Question

CF Admin - Default Storage for Client Variables Creates Persistent Cookie

  • June 1, 2013
  • 2 replies
  • 1226 views

In ColdFusion Administrator, Server Settings > Client Variables,  assigning Select Default Storage Mechanism for Client Sessions as Cookle  creates persistent cookies.  Cookie expriration dates are EXPIRES  5/25/2043 7:32:12 PM,  not EXPIRES  At the end of the Session

Persistent cookes are a security concern.  How are dates for ColdFusion issued cookies (e.g., CFGLOBALS) set to "NOW" so they become session cookies and disappear when browser (IE) is closed?

Thanks, Guy

Currently running CF8, but will soon be migrating to CF10.

This topic has been closed for replies.

2 replies

G
GuyMcMickleAuthor
Inspiring
June 7, 2013

I have tried expiring the cookie (<cfcookie name="CFGLOBALS" domain="local_domain_name" expires="now">).  Following this instruction cookie “disappears” from the browser’s cookies list.  But upon the next application page action, CFGLOBALS persistent cookie reappears. 

(Internet Explorer 9 <f12> | Cache > View cookie information: )

NAME

CFGLOBALS

VALUE

urltoken%3DCFID%23%3D2500930%26CFTOKEN%23%3D51334571%23lastvisit%3D%7Bts%20%272013%2D06%2D07%2015%3A07%3A14%27%7D%23timecreated%3D%7Bts%20%272013%2D06%2D07%2015%3A07%3A14%27%7D%23hitcount%3D2%23cftoken%3D51334571%23cfid%3D2500930%23

DOMAIN

Local_Domain_name

PATH

/

EXPIRES

5/31/2043 3:07:14 PM

Can CFGLOBALS cookie be configured to be a session cookie?

Thanks, Guy

G
GuyMcMickleAuthor
Inspiring
June 2, 2013

Can ColdFusion defined cookies' attributes ("expired") be controlled? 

Is CF dependent on Java interface for its cookie "expired" attribute?

Ref http://coldfusion.sys-con.com/node/42100  (Nov 11, 2003)

Using Nonpersistent (Session) Cookies

Nonpersistent cookies can be set using the CFCOOKIE tag ... . The key to creating a session cookie is to set the EXPIRES attribute in <CFCOOKIE> to "Now". EXPIRES is an optional attribute and defaults to "Now" if it is not specified.   By specifying EXPIRES="Now", a cookie is written to the client's memory.   If the cookie you are setting is already a persistent cookie on the client, setting EXPIRES="Now" removes the cookie from the cookie.txt file, leaving the cookie set in the client's memory. Setting session cookies can be created regardless of the value of SETCLIENTCOOKIES (Yes or No) in <CFAPPLICATION>.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices