cfcookie

Last updated on Feb 25, 2025 | Also applies to ColdFusion

ColdFusion

Open app

CFML Reference User Guide

ColdFusion functions

ColdFusion functions by category
Functions a-b
1. Abs
2. ACos
3. AddSOAPRequestHeader
4. AddSOAPResponseHeader
5. AjaxLink
6. AjaxOnLoad
7. ApplicationStop
8. ArrayAppend
9. ArrayAvg
10. ArrayClear
11. ArrayContains
12. ArrayContainsNoCase
13. ArrayDelete
14. ArrayDeleteAt
15. ArrayDeleteNoCase
16. ArrayEach
17. ArrayFilter
18. ArrayFind
19. ArrayFindAll
20. ArrayFindAllNoCase
21. ArrayFindNoCase
22. ArrayInsertAt
23. ArrayIsDefined
24. ArrayIsEmpty
25. ArrayLen
26. ArrayMap
27. ArrayMax
28. ArrayMin
29. ArrayNew
30. ArrayPrepend
31. ArrayReduce
32. ArrayResize
33. ArraySet
34. ArraySetMetadata
35. ArraySlice
36. ArraySort
37. ArraySum
38. ArraySwap
39. ArrayToList
40. Asc
41. ASin
42. Atn
43. AuthenticatedContext
44. AuthenticatedUser
45. BinaryDecode
46. BinaryEncode
47. BitAnd
48. BitMaskClear
49. BitMaskRead
50. BitMaskSet
51. BitNot
52. BitOr
53. BitSHLN
54. BitSHRN
55. BitXor
56. BooleanFormat
Functions-c-d
Functions-e-g
Functions-h-im
Functions-in-k
Functions-l
Functions-m-r
Functions-s
Functions-t-z
1. Tan
2. ThreadJoin
3. ThreadTerminate
4. Throw
5. TimeFormat
6. ToBase64
7. ToBinary
8. ToScript
9. ToString
10. Trace
11. Transactionandconcurrency
12. TransactionCommit
13. TransactionRollback
14. TransactionSetSavePoint
15. Trim
16. UCase
17. URLDecode
18. URLEncodedFormat
19. URLSessionFormat
20. Val
21. ValueList
22. VerifyClient
23. Week
24. Wrap
25. WriteDump
26. WriteLog
27. WriteOutput
28. WSGetAllChannels
29. WSGetSubscribers
30. WSPublish
31. WSSendMessage
32. XmlChildPos
33. XmlElemNew
34. XmlFormat
35. XmlGetNodeType
36. XmlNew
37. XmlParse
38. XmlSearch
39. XmlTransform
40. XmlValidate
41. Year
42. YesNoFormat

ColdFusion tags

ColdFusion tag summary
ColdFusion tags by category
1. Application framework tags
  1. cfapplication
  2. cfassociate
  3. cferror
  4. cfimport
  5. cfinterface
  6. cflock
  7. cfscript
  8. cfthread
2. Communications tags
3. Database manipulation tags
4. Data output tags
  1. cfchart
5. Debugging tags
  1. cfdump
  2. cftimer
  3. cftrace
6. Exception handling tags
  1. cfcatch
  2. cferror
  3. cffinally
  4. cfrethrow
  5. cfthrow
  6. cftry
7. Extensibility tags
  1. cfchart
  2. cfchartdata
  3. cfchartseries
  4. cfcollection
  5. cfcomponent
  6. cfexecute
  7. cfftp
  8. function
  9. cfindex
  10. cfinterface
  11. cfinvoke
  12. cfinvokeargument
  13. cfobject
  14. cfproperty
  15. cfreport
  16. cfreportparam
  17. cfreturn
  18. cfsearch
  19. cfsharepoint
  20. cfspreadsheet
  21. cfwddx
  22. cfxml
8. File management tags
  1. cfdirectory
  2. cffile
  3. cffileupload
  4. cfftp
  5. cfzip
  6. cfzipparam
9. Flow-control tags
  1. cfabort
  2. cfbreak
  3. cfcase
  4. cfcontinue
  5. cfdefaultcase
  6. cfelse
  7. cfelseif
  8. cfexecute
  9. cfexit
  10. cfif
  11. cfinclude
  12. cflocation
  13. cfloop
  14. cfrethrow
  15. cfswitch
  16. cfthrow
  17. cftry
10. Forms tags
  1. cfapplet
  2. cfcalendar
  3. cffileupload
  4. cfform
  5. cfformgroup
  6. cfformitem
  7. cfgrid
  8. cfgridcolumn
  9. cfgridrow
  10. cfgridupdate
  11. cfinput
  12. cfpdf
  13. cfpdfform
  14. cfpdfformparam
  15. cfpdfparam
  16. cfpdfsubform
  17. cfselect
  18. cfslider
  19. cftextarea
  20. cftree
  21. cftreeitem
11. Internet Protocol tags
  1. cfajaximport
  2. cfajaxproxy
  3. cfftp
  4. cffeed
  5. cfimap
  6. cfhttp
  7. cfhttpparam
  8. cfldap
  9. cfmail
  10. cfmailparam
  11. cfmailpart
  12. cfpop
  13. cfsprydataset
12. Page processing tags
  1. cfcache
  2. cfcontent
  3. cfflush
  4. cfheader
  5. cfhtmlhead
  6. cfinclude
  7. cfprocessingdirective
  8. cfsetting
  9. cfsilent
13. Security tags
14. Variable manipulation tags
  1. cfcookie
  2. cfdump
  3. cfparam
  4. cfregistry
  5. cfsavecontent
  6. cfschedule
  7. cfset
  8. cfsetting
15. Other tags
  1. cfimage
  2. cflog
  3. cfregistry
Tags a-b
Tags c
Tags f
Tags g-h
1. cfgraph
2. cfgraphdata
3. cfgrid
4. cfgridcolumn
5. cfgridrow
6. cfgridupdate
7. cfheader
8. cfhtmlhead
9. cfhtmltopdf
10. cfhtmltopdfitem
11. cfhttp
12. cfhttpparam
Tags i
1. cfif
2. cfimage
3. cfimap
4. cfimapfilter
5. cfimpersonate
6. cfimport
7. cfinclude
8. cfindex
9. cfinput
10. cfinsert
11. cfinterface
12. cfinvoke
13. cfinvokeargument
Tags j-l
Tags m-o
Tags p-q
1. cfparam
2. cfpdf
3. cfpdfform
4. cfpdfformparam
5. cfpdfparam
6. cfpdfsubform
7. cfpod
8. cfpop
9. cfpresentation
10. cfpresentationslide
11. cfpresenter
12. cfprint
13. cfprocessingdirective
14. cfprocparam
15. cfprocresult
16. cfprogressbar
17. cfproperty
18. cfquery
19. cfqueryparam
Tags r-s
1. cfregistry
2. cfreport
3. cfreportparam
4. cfrethrow
5. cfreturn
6. cfsavecontent
7. cfschedule
8. cfscript
9. cfsearch
10. cfselect
11. cfservlet
12. cfservletparam
13. cfset
14. cfsetting
15. cfsharepoint
16. cfsilent
17. cfslider
18. cfspreadsheet
19. cfsprydataset
20. cfstoredproc
21. cfswitch
Tags t
1. cftable
2. cftextarea
3. cftextinput
4. cfthread
5. cfthrow
6. cftimer
7. cftooltip
8. cftrace
9. cftransaction
10. cftree
11. cftreeitem
12. cftry
Tags u-z
1. cfupdate
2. cfwddx
3. cfwebsocket
4. cfwindow
5. cfxml
6. cfzip
7. cfzipparam

CFML Reference

Cloud services

CFML Reference User Guide
ColdFusion functions
ColdFusion tags
1. ColdFusion tag summary
2. ColdFusion tags by category
  1. Application framework tags
    1. cfapplication
    2. cfassociate
    3. cferror
    4. cfimport
    5. cfinterface
    6. cflock
    7. cfscript
    8. cfthread
  2. Communications tags
  3. Database manipulation tags
  4. Data output tags
    1. cfchart
  5. Debugging tags
    1. cfdump
    2. cftimer
    3. cftrace
  6. Exception handling tags
    1. cfcatch
    2. cferror
    3. cffinally
    4. cfrethrow
    5. cfthrow
    6. cftry
  7. Extensibility tags
    1. cfchart
    2. cfchartdata
    3. cfchartseries
    4. cfcollection
    5. cfcomponent
    6. cfexecute
    7. cfftp
    8. function
    9. cfindex
    10. cfinterface
    11. cfinvoke
    12. cfinvokeargument
    13. cfobject
    14. cfproperty
    15. cfreport
    16. cfreportparam
    17. cfreturn
    18. cfsearch
    19. cfsharepoint
    20. cfspreadsheet
    21. cfwddx
    22. cfxml
  8. File management tags
    1. cfdirectory
    2. cffile
    3. cffileupload
    4. cfftp
    5. cfzip
    6. cfzipparam
  9. Flow-control tags
    1. cfabort
    2. cfbreak
    3. cfcase
    4. cfcontinue
    5. cfdefaultcase
    6. cfelse
    7. cfelseif
    8. cfexecute
    9. cfexit
    10. cfif
    11. cfinclude
    12. cflocation
    13. cfloop
    14. cfrethrow
    15. cfswitch
    16. cfthrow
    17. cftry
  10. Forms tags
    1. cfapplet
    2. cfcalendar
    3. cffileupload
    4. cfform
    5. cfformgroup
    6. cfformitem
    7. cfgrid
    8. cfgridcolumn
    9. cfgridrow
    10. cfgridupdate
    11. cfinput
    12. cfpdf
    13. cfpdfform
    14. cfpdfformparam
    15. cfpdfparam
    16. cfpdfsubform
    17. cfselect
    18. cfslider
    19. cftextarea
    20. cftree
    21. cftreeitem
  11. Internet Protocol tags
    1. cfajaximport
    2. cfajaxproxy
    3. cfftp
    4. cffeed
    5. cfimap
    6. cfhttp
    7. cfhttpparam
    8. cfldap
    9. cfmail
    10. cfmailparam
    11. cfmailpart
    12. cfpop
    13. cfsprydataset
  12. Page processing tags
    1. cfcache
    2. cfcontent
    3. cfflush
    4. cfheader
    5. cfhtmlhead
    6. cfinclude
    7. cfprocessingdirective
    8. cfsetting
    9. cfsilent
  13. Security tags
  14. Variable manipulation tags
    1. cfcookie
    2. cfdump
    3. cfparam
    4. cfregistry
    5. cfsavecontent
    6. cfschedule
    7. cfset
    8. cfsetting
  15. Other tags
    1. cfimage
    2. cflog
    3. cfregistry
3. Tags a-b
4. Tags c
5. Tags f
6. Tags g-h
  1. cfgraph
  2. cfgraphdata
  3. cfgrid
  4. cfgridcolumn
  5. cfgridrow
  6. cfgridupdate
  7. cfheader
  8. cfhtmlhead
  9. cfhtmltopdf
  10. cfhtmltopdfitem
  11. cfhttp
  12. cfhttpparam
7. Tags i
  1. cfif
  2. cfimage
  3. cfimap
  4. cfimapfilter
  5. cfimpersonate
  6. cfimport
  7. cfinclude
  8. cfindex
  9. cfinput
  10. cfinsert
  11. cfinterface
  12. cfinvoke
  13. cfinvokeargument
8. Tags j-l
9. Tags m-o
10. Tags p-q
  1. cfparam
  2. cfpdf
  3. cfpdfform
  4. cfpdfformparam
  5. cfpdfparam
  6. cfpdfsubform
  7. cfpod
  8. cfpop
  9. cfpresentation
  10. cfpresentationslide
  11. cfpresenter
  12. cfprint
  13. cfprocessingdirective
  14. cfprocparam
  15. cfprocresult
  16. cfprogressbar
  17. cfproperty
  18. cfquery
  19. cfqueryparam
11. Tags r-s
  1. cfregistry
  2. cfreport
  3. cfreportparam
  4. cfrethrow
  5. cfreturn
  6. cfsavecontent
  7. cfschedule
  8. cfscript
  9. cfsearch
  10. cfselect
  11. cfservlet
  12. cfservletparam
  13. cfset
  14. cfsetting
  15. cfsharepoint
  16. cfsilent
  17. cfslider
  18. cfspreadsheet
  19. cfsprydataset
  20. cfstoredproc
  21. cfswitch
12. Tags t
  1. cftable
  2. cftextarea
  3. cftextinput
  4. cfthread
  5. cfthrow
  6. cftimer
  7. cftooltip
  8. cftrace
  9. cftransaction
  10. cftree
  11. cftreeitem
  12. cftry
13. Tags u-z
  1. cfupdate
  2. cfwddx
  3. cfwebsocket
  4. cfwindow
  5. cfxml
  6. cfzip
  7. cfzipparam
CFML Reference
1. Reserved words and variables
2. Ajax JavaScript functions
3. ColdFusion ActionScript functions
4. ColdFusion mobile functions
5. Application.cfc reference
6. Script functions implemented as CFCs
7. ColdFusion Flash Form style reference
8. ColdFusion event gateway reference
9. ColdFusion C++ CFX Reference
10. ColdFusion Java CFX reference
11. WDDX JavaScript Objects
Cloud services

Description

Defines web browser cookie variables, including expiration and security options.

Syntax

<cfcookie

name = "cookie name"

samesite="Strict | Lax | None"

domain = ".domain"

expires = "period"

httponly = "yes|no"

path = "URL"

secure = "yes|no"

value = "text"

encodevalue = "yes|no"

preserveCase = "yes|no"

<cfcookie  
name = "cookie name"  
samesite="Strict | Lax | None" 
domain = ".domain"  
expires = "period"  
httponly = "yes|no"  
path = "URL"  
secure = "yes|no"  
value = "text" 
encodevalue = "yes|no"  
preserveCase = "yes|no"  
>

Note: You can specify this tag's attributes in an attributeCollection attribute whose value is a structure. Specify the structure name in the attributeCollection attribute and use the tag's attribute names as structure keys.

History

ColdFusion (2025 release): Deprecated Legacy Cookie Processor support from the cfcookie tag. See Deprecated features in ColdFusion for more information.

Why was the Legacy Cookie Processor deprecated?

ColdFusion relies on Tomcat's underlying cookie processor. Starting with Tomcat 10.1, the Legacy Cookie Processor was removed and replaced with the modern RFC6265 Cookie Processor as the default. This change enforces stricter adherence to modern cookie standards.

To ensure that customer applications are not impacted by this change, ColdFusion maintains backward compatibility and continues to support the Legacy Cookie Processor for CF2025.

For more information, refer to the Tomcat Legacy Cookie Processor and standard RFC 6265 cookie processor documentation.

ColdFusion (2018 release) Update 9 and ColdFusion (2016 release) Update 15: Added attribute SameSite.

ColdFusion 10: Added the preserveCase and encodeValue attributes.

ColdFusion MX 6.1:

Changed the expires attribute: it now accepts a date time object.
Cookie names can include all ASCII characters except commas, semicolons, or whitespace characters.

ColdFusion 9: Added the attribute httponly.

Attributes

Attribute

Req/Opt

Default

Description

name

Required

Name of cookie variable. ColdFusion converts cookie names to all-uppercase. Cookie names set using this tag can include any printable ASCII characters except commas, semicolons, or white space characters.

domain

Required if path attribute is specified. Optional otherwise

Domain in which cookie is valid and to which cookie content can be sent from the user's system. By default, the cookie is only available to the server that set it. Use this attribute to make the cookie available to other servers.Must start with a period. If the value is a subdomain, the valid domain is all domain names that end with this string. This attribute sets the available subdomains on the site on which the cookie can be used.
For a domain value that ends in a country code, the specification must contain at least three periods; for example, ".mongo.state.us". For top-level domains, two periods are required; for example, ".mgm.com". You cannot use an IP address as a domain.

encodevalue

Optional

Specify if cookie value should be encoded

expires

Optional

session only

Expiration of cookie variable.

The cookie expires when the user closes the browser, that is, the cookie is "session only".
A date or date/time object (for example, 10/09/97).
A number of days (for example, 10, or 100).
now: deletes cookie from client cookie.txt file (but does not delete the corresponding variable the Cookie scope of the active page).
never: The cookie expires in 30 years from the time it was created (effectively never in web years).

httponly

Optional

If yes, sets cookie as httponly so that it cannot be accessed using JavaScripts. Note that the browser must have httponly compatibility.

path

Optional

URL, within a domain, to which the cookie applies; typically a directory. Only pages in this path can use the cookie. By default, all pages on the server that set the cookie can access the cookie.

path = "/services/login"

To specify multiple URLs, use multiple cfcookie tags. If you specify path, also specify domain.

preserveCase

Optional

False

Specify if cookie name should be case-sensitive.

secure

Optional

If browser does not support Secure Sockets Layer (SSL) security, the cookie is not sent. To use the cookie, the page must be accessed using the https protocol.

yes: Variable must be transmitted securely.
no

value

samesite

Optional

Value to assign to cookie variable. Must be a string or variable that can be stored as a string.

The SameSite attribute tells browsers when and how to fire cookies in first- or third-party situations. SameSite is used by a variety of browsers to identify whether or not to allow a cookie to be accessed.

Values- "Strict | Lax | None".

Usage

If this tag specifies that a cookie is saved beyond the current browser session, the client browser writes or updates the cookie in its local cookies file. Until the browser is closed, the cookie resides in browser memory. If the expires attribute is not specified, the cookie is not written to the browser cookies file.
If you use this tag after the cfflush tag on a page, ColdFusion does not send the cookie to the browser; however, the value you set is available to ColdFusion in the Cookie scope during the browser session.

Note: You can also create a cookie that expires when the current browser session expires by using the cfset tag or a CFScript assignment statement to set a variable in the Cookie scope, as in <cfset Cookie.mycookie="sugar">. To get a cookie's value, refer to the cookie name in the Cookie scope, as in <cfif Cookie.mycookie is "oatmeal">.

You can use dots in cookie names, as the following examples show:

To access cookies, including cookies that you set and all cookies that are sent by the client, use the Cookie scope. For example, to display the value of the person.name cookie set in the preceding code, use the following line:

<cfoutput>#cookie.person.name#</cfoutput>

Example

SELECT EMail, FromUser, Subject, Posted

FROM Comments

</cfquery>

<html>

<body>

<h3>cfcookie Example</h3>

<!--- If the URL variable delcookie exists, set cookie expiration date

to NOW --->

<cfcookie name = "TimeVisited"

value = "#Now()#"

expires = "NOW">

<!--- Otherwise, loop through list of visitors; stop when you match

the string aol.com in a visitor's e-mail address. --->

<cfcookie name = "LastAOLVisitor"

value = "#Email#"

expires = "NOW" >

</cfif>

</cfloop>

<cfcookie name = "TimeVisited"

value = "#Now()#"

expires = "10">

</cfif>

<p>The last AOL visitor to view this site was

<cfoutput>#Cookie.LastAOLVisitor#</cfoutput>, on

<cfoutput>#DateFormat(COOKIE.TimeVisited)#</cfoutput>

<p><a href = "cfcookie.cfm?delcookie = yes">Hide my tracks</A>

<p>No AOL Visitors have viewed the site lately.

</cfif>

<cfquery name = "GetAolUser" dataSource = "cfdocexamples"> SELECT EMail, FromUser, Subject, Posted FROM Comments </cfquery> <html> <body> <h3>cfcookie Example</h3>  <cfif IsDefined("url.delcookie") is True> <cfcookie name = "TimeVisited" value = "#Now()#" expires = "NOW"> <cfelse>  <cfloop query = "GetAolUser"> <cfif FindNoCase("aol.com", Email, 1) is not 0> <cfcookie name = "LastAOLVisitor" value = "#Email#" expires = "NOW" > </cfif> </cfloop>  <cfif IsDefined("Cookie.TimeVisited") is False> <cfcookie name = "TimeVisited" value = "#Now()#" expires = "10"> </cfif> </cfif>  <cfif IsDefined("Cookie.LastAOLVisitor") is "True"> <p>The last AOL visitor to view this site was <cfoutput>#Cookie.LastAOLVisitor#</cfoutput>, on <cfoutput>#DateFormat(COOKIE.TimeVisited)#</cfoutput>  <p><a href = "cfcookie.cfm?delcookie = yes">Hide my tracks</A> <cfelse> <p>No AOL Visitors have viewed the site lately. </cfif>

<!--- This example shows how to set/delete a cfcookie variable. ---> 
<!--- Select users who have entered comments into a sample database. ---> 
<cfquery name = "GetAolUser" dataSource = "cfdocexamples"> 
SELECT EMail, FromUser, Subject, Posted 
FROM Comments 
</cfquery> 
<html> 
<body> 
<h3>cfcookie Example</h3> 
<!--- If the URL variable delcookie exists, set cookie expiration date 
to NOW ---> 
<cfif IsDefined("url.delcookie") is True> 
<cfcookie name = "TimeVisited" 
value = "#Now()#" 
expires = "NOW"> 
<cfelse> 
<!--- Otherwise, loop through list of visitors; stop when you match
the string aol.com in a visitor's e-mail address. ---> 
<cfloop query = "GetAolUser"> 
<cfif FindNoCase("aol.com", Email, 1) is not 0> 
<cfcookie name = "LastAOLVisitor" 
value = "#Email#" 
expires = "NOW" > 
</cfif> 
</cfloop> 
<!--- If the timeVisited cookie is not set, set a value. ---> 
<cfif IsDefined("Cookie.TimeVisited") is False> 
<cfcookie name = "TimeVisited" 
value = "#Now()#" 
expires = "10"> 
</cfif> 
</cfif> 
<!--- Show the most recent cookie set. ---> 
<cfif IsDefined("Cookie.LastAOLVisitor") is "True"> 
<p>The last AOL visitor to view this site was 
<cfoutput>#Cookie.LastAOLVisitor#</cfoutput>, on 
<cfoutput>#DateFormat(COOKIE.TimeVisited)#</cfoutput> 
<!--- Use this link to reset the cookies. ---> 
<p><a href = "cfcookie.cfm?delcookie = yes">Hide my tracks</A> 
<cfelse> 
<p>No AOL Visitors have viewed the site lately. 
</cfif>

Get help faster and easier

New user?

cfcookie

Description

Category

Syntax

See also

History

Attributes

Usage

Example

Get help faster and easier

Share this page

Ask the Community

Contact Us