Cookies

Cookies are simply stored variables. The main difference between cookies and ColdFusion variables is that they are saved on the client machine. The ColdFusion server writes cookies to the browser, which then saves them to specific, files in the browser's file system.

NOTE

Different browsers use different storage locations for cookies, but regardless of how they are stored, the behave the same way as far as your ColdFusion code is concerned..

Making Cookies

Cookies are server specific: They can be retrieved only by the server that set them. Cookies can be made to be domain specific, in which case they are accessible to all domain servers.

Within your application, you can create cookie variables by using the <cfcookie> tag, as shown here:

 <cfcookie name="FirstName" value="Emily" expires="10"> 

The preceding code creates a cookie called FirstName with a value of Emily. It is set to expire in 10 days.

The expires attribute can be set as shown in Table 11.1.

Cookies are not actually set in the browser until ColdFusion request processing has completed. However, ColdFusion allows you to use cookies in the same page that creates them (it does this be creating temporary cookies internally).

Using Cookies

A cookie can be used like any other variable in ColdFusion. To use a cookie, you simply call it with the COOKIE prefix, like this:

 <cfoutput>#COOKIE.FirstName#</cfoutput> 

Depending on your browser, you might be confined to 20 cookies per domain, or 4 Kbytes' worth of information. Twenty cookies is quite limiting. Just collecting the user's first name, last name, email address, phone number, and other personal information can easily use up half of your cookie allotment very quickly.

You can bypass this limit with a little creativity and by employing cookie crumbs, or cookie chips, which take multiple name=value variable pairs, combine them into one variable, and use a delimiter to separate the sets of pairs:

 <cfcookie name="ContactInfo"           value="fn=emily;ln=kim;e=emily@trilemetry.com"> 

There is nothing exceptional about this technique. When you want to use this cookie, you just access it and parse out the values using list techniques.

Lists are introduced in Chapter 13, "Lists."

A Cookie's Scope

Cookies are available provided that the browser is set to use them and that they have not expired or been deleted.

TIP

Some Web visitors configure their browsers so that cookies are not accepted. If you depend upon cookies in your application, you should use a detection script to display a message to such visitors. Depending on your application, it might not actually break without cookies enabledit might merely act weird. Don't ever assume that a cookie will be present just because you set it.

Users can (and do) delete cookies. To ensure that they are actually there before you use them, be sure to check that they exist:

 <cfif IsDefined("COOKIE.FirstName")>  <cfoutput>#COOKIE.FirstName#</cfoutput> </cfif> 

CAUTION

Cookies have always received a bad rap. They are seen as a threat to public safety because they can store personal information about users and can be retrieved by servers. Much of this fear is unfounded because only the server that sets a cookie can retrieve it. However, some of this fear is reasonable because cookies are just text files on the client machine and can be opened easily.

Some responsibility lies in the hands of the programmer. Highly sensitive informationpasswords or credit card numbers, for exampleshould never be stored in cookies.