The Cookie Problem

When I started with this, one of the first things I needed to do was create a means to create a user and authenticate them. Not an overly difficult process by anymeans, and like most developers, I created a series of cookies to used to automatically authenticate the user in the system. And because I did not care about logging out at the time, I used the ColdFusion Cookie Scope to set and retrieve those cookies.

COOKIE.userID = person.getID();  
COOKIE.otherAuthID = emailAddress.getID();  

If I can find a person in my system with that ID, and they have an emailAddress object with that other ID, then its safe to assume that I have that this is the same person who logged in before.

I later came to a point where I wanted to log out of my system, and in that process, destroy those cookies I had set at an earlier point. CFScript does not natively give you the functionality to do this, so I created the Cookie Monster CFC. I then used Cookie Monster to
destroy my cookies on sign out.

var cookieMonster = new cookieMonster();  
cookieMonster.deleteCookie("userID");  
cookieMonster.deleteCookie("otherAuthID");  

So Enters my Problem!

The system will not delete my cookies. I can create and delete cookies with cookie monster, but I can not remove the cookies I created with the COOKIE scope. After searching for a solution, I came across this article by Ben Nadal (Setting ColdFusion Cookies With CFCookie vs. Cookie Scope) which lead me to realize that ColdFusion treats cookies differently between CFCookie and the COOKIE scope.

It turns out that the issue was with how ColdFusion treates Cookies differently with the CFCookie Tag and the COOKIE scope and how ColdFusion makes itself a case insensitive language by uppercasing everything at compile time. The orgional cookies I had set where created in the origional camelCase I had set them in with the COOKIE scope. However when I use CFCOOKIE to expire those cookies, ColdFusion upper cases the cookie names.

The Result is that ColdFusion sent a request to the browser to expire "USERID". The issue is that most every other computer language is in fact case sensitive, so the browser was looking for a cookie named "USERID" to expire. The cookies I had orgionally set was named "userID".

The solution was simple. Manually delete my cookies, and use CookieMonster to set all future cookies to maintain consistancy. Its just another of those little consistancy details that gets missed in the production run of ColdFusion