Sunday, October 27, 2013

structDelete & CFCOOKIE for Delete Cookie in ColdFusion

Previously, I had a misconception that we can only delete a cookie from ColdFusion by using CFCOOKIE tag only. But, during experimenting with ColdFusion cookie, I just got to know that even using function "structDelete" we can alos delete a cookie.

Let's see how exactly:

I had written the above CF code to test.

 - When first I run this page, I see two cookie variables - CFID and CFTOKEN. You can see the image below.
 - Next time, I run the same code with "setx = 1" in URL. It just created a new cookie variable "X", with expiration date as one month ahead. You can see the image below.
 - Next, I run the same code again without any url parameter. So, it will go for delete section. As we have not passed any  url variable "delByTag", so it will go for "structDelete" section and in result you can see the cookie dump.
 - Refresh the page again, you will see the target cookie is deleted. As shown below.
Question: What exactly ColdFusion does to delete a cookie from browser?

 - Set the cookie "X" by following the above steps.
 - Pass url parameter "delByTag = 1" and run the page, you can see the cookie "X" is empty in seond dump after refreshing the page you will see no cookie "X" in dump. If we will notice the HTTP request for cookie delete then we will find the following screen shot.
- As you can see, the HHTP response contains command to broser from ColdFusion to delete the cookie. That's why the browser removes the cookie.

If you again set the cookie and for delete don't use "delByTag = 1", so it will use struct delete and in that case if we will see the HTTP response as shown below. Here, we will see the a same thing in resopnse to delete the cookie.
The difference I found, by using cfcookie we can set a past date in the expiry field but "structDelte" will always use the current date for that operation. You can debug more by looking into the HTTP request/response.

Happy Coding!!!

1 comment:

  1. At no point in your test, is cookie.x ever deleted, rather the value is replaced by an empty string. The two concepts are very different. What your test actually shows is that it is impossible to actually delete a cookie, which is insane. But, thanks for sharing this. I will try and find a way to actually remove cookie.x from the cookie struct...