Strange cookie issue(s)

Report · Jan 05, 2012

I posted a long time ago about why cfcookie was not working well in IE. What was happening was that no matter what I did (expires="now", structdelete, cflogout) the cookies persisted on the local machine and could not be deleted. It only happened in IE. We decided the problem was related to the domain http://mydomain.com vs. http://www.mydomain.com. Since then I've done a 301 redirect so that the www. prefix will be appended to all pages and the cookie problem is still occurring.

The question is, what is the most effective way of permanently deleting a cookie using coldfusion 9??? Please don't use expires="now", structdelete, or cflogout as an answer because none of those work.

Thanks!

Report · Jan 05, 2012

The question is, what is the most effective way of permanently deleting a cookie using coldfusion 9??? Please don't use expires="now", structdelete, or cflogout as an answer because none of those work.

Really? Setting the EXPIRES attribute has always worked for me. So, I suspect something else is happening than what you think.

Dave Watts, CTO, Fig Leaf Software

Dave Watts, Eidolon LLC

Report · Jan 05, 2012

That isn't helping much.

Here's a good example....

I run a .cfm page that has the following code. My cookie named site_username was: billygoat

---------------------------

---------------------------

The result? billygoat

Report · Jan 05, 2012

Did you check the HTTP response from that request to see if a new SET-COOKIE was being sent? I am unsure of the result of deleting the key formt he cookie struct after you set the cookie? Will it even be sent at all? And what is the point of deleting the key for that matter? Delete the third line of your example code and try it again.

Jason

Report · Jan 05, 2012

Done. Same result.

Report · Jan 05, 2012

And did you check the HTTP Response? Can you post that?

You're not helping yourself much here.

Report · Jan 05, 2012

I posted on the forums because I can't help myself. Doesn't that make sense?

I have tried everything that I know how to do.

I am not lying about what is going on here. I simply can't delete the cookie. So, as I asked in my original post, if someone has a solution other than what I tried originally, please respond. Otherwise, don't.

Report · Jan 05, 2012

So you're not going to look at the HTTP Response?

btw, than answer to your original question is to use expires="now", because that DOES work. If it is not workign for you then YOU are doing something wrong. How are you setting your cookie?

A lot could be resolve if you showed some code. How are you setting the cookie? What are the attributes of the existing cookie? Domain? Path? Can you show the HTTP Response for when the cookie is being set and when you are trying to expire it? If you don't match those things properly then it will not work. You are so convinced that ColdFusion is the problem here. I doubt it is.

jason

Report · Jan 05, 2012

I am not convinced it's coldfusion. I have no idea what the problem is... but the code is written in cf.

Report · Jan 05, 2012

Just to reiterate what Jason is saying in his last paragraph that is probably the key to your problem... If certain attributes of the cookie do not match what the browser has it will keep it around.

Use something like IE cookies view to see what IE has stored for this cookie: http://www.nirsoft.net/utils/iecookies.html and then make sure your call to delete it contains the same domain, path, etc - the only thing you don't need to match is the expires.