0 Replies Latest reply on Sep 25, 2013 9:10 AM by D@yzW0rk

    Cookie has a value when it should not

    D@yzW0rk

      I've been working on a bit of bot mitigation and began using checks against Cookie.CFID to verify the client has a value in reply.

       

      I'm using CF  9,0,1,274733

       

      application.cfm includes the following:

      <cfapplication sessionManagement="True" clientManagement ="False" setClientCookies="True" sessionTimeout="#CreateTimeSpan(0, 0, 2, 0)#">

       

      I disable cookies in FF 23 browser to simulate a bot and conduct the test.

       

      In my test the check for Cookie.CFID is as expected, empty.  Here is a snippet of code used to test this.

      <cftry>

          <cfif REFind("YourIPAddress",CGI.REMOTE_ADDR)>

              <cfif ! IsDefined("Cookie.cfid")>

                  <cfoutput>

                      No Cookies as expected!

                  </cfoutput>

              </cfif>

              <cfdump var="#Cookie#">

          </cfif>

          <cfcatch type="Any">

              <cfdump var="#cfcatch#">

          </cfcatch>

      </cftry>

       

      And the result expected from that test:

      No Cookies as expected! 

      struct [empty]

       

      However, with the same test environment configuration as above in another page I'm getting a non empty struct when dumping cookies like this:

      <cfdump var="#Cookie#">

      produces:

      struct
      CFIDSomeId
      CFTOKENSomeToken

       

      Is there some function or feature in ColdFusion known to cause this behavior or is this a bug?