java.lang.IllegalArgumentException: Cookie name [nxt/gateway.dll/userguid] is a reserved token

Report · Mar 12, 2024

Using Coldfusion 2023 we are having an issue setting a cookie that we previously did not have an issue with when using Coldfusion 11. As I understand it that / character is the reserved token; however, our software vendor is using this cookie name. Is there a way to override this or otherwise work around this issue?

Report · Mar 12, 2024

Does this vendor control (and prevent you changing) your cfml code? Or do you mean your vendor creates the cookies that your cfml code is tripping over?

If it's the latter, one option may be to use web server rewrites, which (besides changing incoming urls) can also modify incoming headers like cookies, in name or value. Then perhaps you could change your cfml code to handle the changed cookies in cfml.

Looking forward to hearing more on this from you.

/Charlie (troubleshooter, carehart. org)

Report · Mar 21, 2024

Do I understand correctly that the issue arises when you attempt to save the cookie using nxt/gateway.dll/userguid as the name? If so, then the likely reason is that Adobe's ColdFusion engineers have changed the rules for cookie name.

The engineers regularly update ColdFusion's tags and functions. That not only ensures that ColdFusion keeps improving as a platform. It also ensures that ColdFusion is more and more in tune with universal specifications. One such set of specifications is RFC 6265 for HTTP cookies.

As ChatGPT confirms, the forward slash is a separator and may not be used in a cookie name. I hope Adobe's ColdFusion Team will urgently modify the documentation on cookie name.

java.lang.IllegalArgumentException: Cookie name [nxt/gateway.dll/userguid] is a reserved token

Photos