Copy link to clipboard
Copied
I've been working on a bit of bot mitigation and began using checks against Cookie.CFID to verify the client has a value in reply.
I'm using CF 9,0,1,274733
application.cfm includes the following:
<cfapplication sessionManagement="True" clientManagement ="False" setClientCookies="True" sessionTimeout="#CreateTimeSpan(0, 0, 2, 0)#">
I disable cookies in FF 23 browser to simulate a bot and conduct the test.
In my test the check for Cookie.CFID is as expected, empty. Here is a snippet of code used to test this.
<cftry>
<cfif REFind("YourIPAddress",CGI.REMOTE_ADDR)>
<cfif ! IsDefined("Cookie.cfid")>
<cfoutput>
No Cookies as expected!
</cfoutput>
</cfif>
<cfdump var="#Cookie#">
</cfif>
<cfcatch type="Any">
<cfdump var="#cfcatch#">
</cfcatch>
</cftry>
And the result expected from that test:
No Cookies as expected!
struct [empty]
However, with the same test environment configuration as above in another page I'm getting a non empty struct when dumping cookies like this:
<cfdump var="#Cookie#">
produces:
struct | |
---|---|
CFID | SomeId |
CFTOKEN | SomeToken |
Is there some function or feature in ColdFusion known to cause this behavior or is this a bug?
Have something to add?