Cookie File expires in 2037?

[ToonKayser]

HI,

I am a little confused. When I use a session variable and
put the expire time on - let's say - 3 hours, I find that
a cookie-file is written and it won't expire until 2037.
(I use CF 3.1)
Some people here in our company are wondering and I
can't explain them why the cookie expires in 2037.
(They are a little paranoia about cookies)
I guess that when CF finds that the cookie is expired,
CF doesn't delete the physical file and will use this file
next time overwriting all of the content. Is this correct?

Toon [sig][/sig]

 

[iza]

you can set the time when the cookies expires ! <cfcookie .... expires=...> [sig][/sig]

 

[ToonKayser]

Hi,

I don't place a cookie. It's the use of session-variables
that leads to a cookie. You can call it a implicit cookie.
So I can't control this 'system-cookie'.
One should think that CF would place a cookie according to createtimespan in sessiontimeout of 'cfapplication'.

Toon [sig][/sig]

 

[iza]

you're right, but isn't it the case ? what value did you set the sessiontimeout (in the cfapplication) to ?
you can also define the session variable timeout in the cf administrator. And you can also set the storing of the session variable : registry, cookie, ... [sig][/sig]

 

[ToonKayser]

Yes, I know. Sessiontimeout and the default values are set.
The sessiontimeout works. After some time the session variables time out.
But..... the physical cookie-file still exists.
The program works fine, though.
But how can I explain users who don't like cookies that I don't use persistent cookies?

Toon
[sig][/sig]

 

[iza]

the only way i found to physically delete cookie is to have a logout page (where the cookie-expire value is &quot;now&quot, but i still haven't found how to ensure that ALL users properly log out ...
well, maybe users who don't like cookie carefuly go to log out pages ?? [sig][/sig]

 

[ToonKayser]

Hi,

After a little research, I found in Allaire Forums,
how to solve this problem.
CF uses 2 cookies to handle session-variables
(CFID and CFTOKEN) and stores them in one single cookie-file with expiration-date = 2037.
This file isn't deleted from your hard-disk even when your
session is timed out or your browser is closed.

Insert folowing lines into application.cfm

<CFIF ISDEFINED(&quot;Cookie.CFID&quot AND ISDEFINED(&quot;Cookie.CFTOKEN&quot>
<CFSET CFID_LOCAL = COOKIE.CFID>
<CFSET CFTOKEN_LOCAL = COOKIE.CFTOKEN>
<CFCOOKIE NAME=&quot;CFID&quot; VALUE=&quot;#cfid_local#&quot;>
<CFCOOKIE NAME=&quot;CFTOKEN&quot; VALUE=&quot;#cftoken_local#&quot;>
</CFIF>

The trick is that you read the cookies cfid and cftoken
and then re-write this cookies without an expire-date.
The result is that the cookie-file will not be written
to disk but stays in memory.
After timeout or browser-close, no cookie is on your
disk.
And nobody will ask what kind of information is stored
in that cookie.

Please read this in Allaire forums. Id=485502
(

http://forums.allaire.com/devconf/main.cfm)

and use
the search-button.
Toon [sig][/sig]