Issue: After deleting the cookie, an empty string was assigned to it each time, but the cookie was still present in the cookie scope and came back on the next request.
To show the exact situation, I wrote the following piece of ColdFusion code:
The first time, I ran the code without any cookie and got the following output.
As we can see, there are only two cookies in the ColdFusion dump and in Firebug (i.e., CFID and CFTOKEN).
Then I ran the following piece of JS code to set a cookie named 'x':
document.cookie = 'x=test; expires=Fri, 25 Oct 2013 20:47:11 GMT; path=/';
CASE - 1:
Next, I ran the ColdFusion code and got the following result:
- The first line of the ColdFusion code just dumps the cookie scope, where we can see our cookie in lower case with the value “test”.
- On the next line, if cookie “x” exists, it shows the message “Inside if” and deletes that cookie by setting the expiry date to now and the value to an empty string (“”).
- Otherwise, it shows the message “Inside Else”.
- Finally, it dumps the cookie scope again.
I ran the same page multiple times and got the same results, which means my cookie was not getting deleted. Notice that the first cookie dump shows “x” in lower case and the next cookie dump shows it in upper case.
CASE - 2:
In the second test case, I cleared all my cookies and again ran the following JS code to set the cookie.
document.cookie = 'X=test; expires=Fri, 25 Oct 2013 20:47:11 GMT; path=/';
Notice that this time I set the cookie name in upper case. Then I ran the ColdFusion code and got the following result:
Here the cookie name is in upper case in both dumps, and in Firebug the cookie “X” is no longer available. Then I refreshed the page and got the following result:
Ahhh. My cookie got deleted, which means we achieved our target.
Question: What was the problem in the previous case? Why were we unable to delete the cookie when it was in lower case?
· ColdFusion is case insensitive, which means the variable names “x” and “X” are the same to ColdFusion.
· When our first if clause checks whether “x” exists in the cookie scope, it always finds it because ColdFusion is case insensitive, but when it goes on to delete the cookie it uses the name “X”, and we got the following in the HTTP response header:
· Here, ColdFusion sends a command to the browser to delete the cookie named “X” by setting the expiry date to now.
· The browser sets the cookie “X” with the current time as its expiry date, but the old cookie (“x”) is not affected by that.
· In the second dump, ColdFusion overwrites the “x” value with “X” on the server side only. But the cookie is stored on the client side: when we refresh the page, “X” is deleted (as we set the expiry date to the current time) and “x” is still available. So it displays “x” again.
When setting a cookie from the client side, be aware of case sensitivity.
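The two cases above can be reproduced with a small model of the browser cookie jar. This is an added example, not code from the original post: CookieJar, deleteUppercased, deleteExactCase and runCase are hypothetical names, the epoch expiry date is a constructed stand-in for "now", and deleteExactCase shows one possible mitigation (expiring the name exactly as the client sent it).

```javascript
// Browser side: cookie names are case-sensitive, so "x" and "X" are two cookies.
class CookieJar {
  constructor() { this.store = new Map(); }
  // Apply one Set-Cookie header value, keyed by the exact name.
  setCookie(header, now = Date.now()) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    let expires = Infinity; // session cookie unless an expires attribute says otherwise
    for (const a of attrs) {
      const m = /^expires=(.+)$/i.exec(a);
      if (m) expires = Date.parse(m[1]);
    }
    if (expires <= now) this.store.delete(name); // removes that exact name only
    else this.store.set(name, pair.slice(eq + 1));
  }
  // Cookie request header sent on the next request.
  header() { return [...this.store].map(([n, v]) => `${n}=${v}`).join('; '); }
}

// Exact cookie names as they appear in the raw Cookie request header.
const rawNames = h => h.split('; ').filter(Boolean).map(p => p.slice(0, p.indexOf('=')));

// Constructed expiry header; the epoch date stands in for "now".
const expire = name => `${name}=; expires=${new Date(0).toUTCString()}; path=/`;

// Behaviour described in the post: the server matches the name without regard
// to case, then emits the deleting Set-Cookie with the name in upper case.
function deleteUppercased(jar, name) {
  const found = rawNames(jar.header()).some(n => n.toUpperCase() === name.toUpperCase());
  if (found) jar.setCookie(expire(name.toUpperCase()));
  return jar.header();
}

// Mitigation (assumption, not from the post): expire every spelling the client sent.
function deleteExactCase(jar, name) {
  for (const n of rawNames(jar.header())) {
    if (n.toUpperCase() === name.toUpperCase()) jar.setCookie(expire(n));
  }
  return jar.header();
}

// The two cases in the post: the client sets the cookie, the server deletes it.
function runCase(clientName, deleter) {
  const jar = new CookieJar();
  jar.setCookie(`${clientName}=test; path=/`);
  return deleter(jar, 'x');
}
```

runCase('x', deleteUppercased) leaves "x=test" in the jar (CASE - 1), while runCase('X', deleteUppercased) empties it (CASE - 2); with deleteExactCase both spellings are removed.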