Defines web browser cookie variables, including expiration and
security options.

 <cfcookie name = "cookie name" domain = ".domain" expires = "period" httponly = "yes|no" path = "URL" secure = "yes|no" value = "text" encodevalue = "yes|no" preserveCase = "yes|no">

 cfcookie(name = "cookie name", domain = ".domain", expires = "period", httponly = "yes|no", path = "URL", secure = "yes|no", value = "text", encodevalue = "yes|no", preserveCase = "yes|no");

Attribute Reference for the cfcookie tag


Required: Yes
Name of cookie variable. CFML converts cookie names
to all-uppercase. Cookie names set using this tag can
include any printable ASCII characters except commas,
semicolons or white space characters.


Required: No
Value to assign to cookie variable. Must be a string or
variable that can be stored as a string.


Required: No
Expiration of cookie variable.

* The default: the cookie expires when the user closes the
browser, that is, the cookie is "session only".
* A date or date/time object (for example, 10/09/97)
* A number of days (for example, 10, or 100)
* now: deletes cookie from client cookie.txt file
(but does not delete the corresponding variable the
Cookie scope of the active page).
* never: The cookie expires in 30 years from the time it
was created (effectively never in web years).


Required: No
If browser does not support Secure Sockets Layer (SSL)
security, the cookie is not sent. To use the cookie, the
page must be accessed using the https protocol.


Required: No
URL, within a domain, to which the cookie applies;
typically a directory. Only pages in this path can use the
cookie. By default, all pages on the server that set the
cookie can access the cookie.

path = "/services/login"


Required: No
Domain in which cookie is valid and to which cookie content
can be sent from the user's system. By default, the cookie
is only available to the server that set it. Use this
attribute to make the cookie available to other servers.

Must start with a period. If the value is a subdomain, the
valid domain is all domain names that end with this string.
This attribute sets the available subdomains on the site
upon which the cookie can be used.


Required: No
CF 9+ Specify whether cookie is http cookie or not


Required: No
CF 10+ Specify if cookie value should be encoded

Examples sample code using the cfcookie tag

Script Syntax

cfcookie(name="TimeVisited" value=Now(), domain="", path="/coldfusion" expires=30, httponly="yes", encodedvalue="yes" )

Tag Syntax

<cfcookie name="TimeVisited" value=Now(), domain="", path="/coldfusion" expires=30, httponly="yes", encodedvalue="yes" />

Using Cookie Scope

cookie.TimeVisited = { value="#Now()#", domain="", path="/coldfusion", expires=30, httponly="yes", encodedvalue="yes" }; 

Using CFHeader

<cfheader name="Set-Cookie" value="TimeVisited=#Now()#; path=/coldfusion;; expires=30; HttpOnly;"/>

Fork me on GitHub