How to kill a coldfusion cookie??

Report · Jul 13, 2011

I set cookies like this:

I try to kill the cookie like this:

This does NOT work. the cookie remains.

I've tested on mozilla and IE

I don't get it.

Report · Jul 13, 2011

When you say it "remains", do you mean the cookie physically stays on the client PC, or you can still reference the variable in the COOKIE scope?

From the docs: "deletes cookie from client cookie.txt file (but does not delete the corresponding variable the Cookie scope of the active page)."

Report · Jul 13, 2011

Yes it was still available in scope.

But once I added the domain attribute it worked. Weird. I've never used that before, not sure why it was necessary now. It's all on the same domain.

Report · Jul 13, 2011

If you're using domain cookies then you'll need to use it here too. I.e. the domain of the cookie you're deleting will need to match up exactly with the CFCOOKIE delete statement.

Report · Jul 14, 2011

You can use structDelete(cookie,"ckwhatever",true) to clear the cookie structure.

Report · Jul 14, 2011

True, but that won't remove the cookie from the user's browser, so the variable will come back on the next request.

Report · Jul 14, 2011

It amazes me that coldfusion has no native way to truly just get rid of a cookie you created from the computer and from the page.

Report · Jul 14, 2011

It does, you just did it?

Report · Jul 14, 2011

To test wheather we can delete the cookie variable or not i have performed the following steps.

Page Name:setcookie.cfm

Note:I am setting cookie in this page.

Code:<cfcookie name="mytestcookie" value="testvalue" expires="never">

Output:

struct
MYTESTCOOKIE	testvalue

kill

Page Name:killcookie.cfm

Note:I am deleting and viewing cookie in this page.

Code:

deleting cookie<br>

<a href="result.cfm">result</a>

output:

struct
MYTESTCOOKIE	testvalue

deleting cookie

struct
MYTESTCOOKIE	[empty string]

result

Page Name:result.cfm

Note: See wheather cookie deleted or not

Code:<cfdump var="#cookie#">

Output:

struct [empty]

I think after setting expires attr in cfcookie tag the cookie variable is not getting deleted in that page.

Report · Jul 14, 2011

I think after setting expires attr in cfcookie tag the cookie variable is not getting deleted in that page.

Which is a bit like what I quoted earlier from the docs:

"deletes cookie from client cookie.txt file (but does not delete the corresponding variable the Cookie scope of the active page)."

Report · Jul 14, 2011

yes you are right. I just explained.

Report · Aug 17, 2011

I am experiencing issues with cookie killing as well so I read through this post. I tried to utilize the domain attribute and that didn't make a difference. I cannot remove my cookie from the local pc. Frustrating. I never used to have problems with this and it seems to work just fine in Firefox. I am currently experiencing the problem using IE 7 (go figure).

The cookie is set like this in the Application.cfm

Here is my cookie removal code. When a user clicks "Logout" on my site they get directed to logout.cfm which contains the code below...

Report · Aug 17, 2011

What version of ColdFusion are you using?

Would it be possible for you to capture and post the request and response headers for the cookie set and cookie kill?

Report · Aug 17, 2011

Version: cf9

I will attempt to do that but am not sure how. Firebug? If firebug, how specifically.

Thx

Report · Aug 17, 2011

I would use the firefox plugin called HTTP Live Header. It is great for that kind of stuff

Report · Aug 31, 2012

I know this is an older thread, but it's probably going to be helpful for others reading. In reply #11 above, the last line is a <cflocation> - this will essentially ignore any cookie changes made on the page. You'll either need to do a cfheader or a javascript location.href to keep your cookie changes in place.

Report · Aug 31, 2012

Sorry to bust your bubble, but that cfcookie/cflocation behavior you are talking about was fixed something like 10 years ago (CF6, I believe). You've been able to put the two on the same page for a Loooooong time. Go ahead and try it.

Update: Here is the page in the CFWACK 7 to back that up.

CFWACK 7 Page 1008

http://books.google.com/books?id=AjwrgJQQuNYC&pg=PA1008&lpg=PA1008&dq=cfcookie+cflocation&source=bl&...

jason

Report · Aug 31, 2012

Thanks for the smart-@ss reply (bust my bubble). I'll check it out. I know I'd had major headaches in the past regarding this so I posted. My bad.

Report · Aug 31, 2012

Cflocation hasn't undine cookie changes for me but I'll go check again.

Sent from my iPhone

Report · Aug 31, 2012

There's no need to check again. Like I said, that behavior no longer exists.

jason

Report · Mar 29, 2013

I too have had problems resetting cookies on various browsers even with CF 9. What I've found seems to work every time is to delete the cookie, and then reset it, for example:

<cfset delete_cookie=StructDelete(cookie,"member_ID")>

<cfcookie name="member_ID" value="0" domain=".phenom.aero" expires="never">

Simply resetting or expiring the cookie does not work reliably, for example:

Can anybody tell me why? Am I missing something really simple here?

Report · Jun 14, 2013

I just got this to work in an older version of Coldfusion(5). We will be migrating soon. Does this work in your version?

<cfoutput>"Cookie is Gone"</cfoutput>

<cfoutput>"Cookie exists"</cfoutput>

</cfif>

I put this after <CFAPPlication> with

<cfapplication

name = "YourAPPName"

clientmanagement="yes"

sessionmanagement="yes"

setclientcookies="yes"

sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#"

applicationtimeout="#CreateTimeSpan(0, 0, 30, 0)#" clientstorage="Registry"

>

To test it, I reload the page. It alternates between the "Cookie is Gone" and "Cookie exists". Let me know if that works for you.