8 Replies Latest reply on Dec 7, 2006 11:39 PM by MikerRoo

    Test browser accepting cookie

    doug777 Level 1
      <cfset Cookie.test = 1>
      <cfif IsDefined("Cookie.test")>
      <!--- great! --->
      <cfelse>
      <!--- ask user to unblock cookies for this site --->
      </cfif>

      Will the if statement always return true because the cf Cookie scope contains the test variable, or will it try to read the cookie from the client and, if it can't, return false?

      If this doesn't work, what is the best way to test the user's browser?

      Doug
        • 1. Re: Test browser accepting cookie
          jdeline Level 1
          A cookie is not set on the client until the next page is loaded. Even a CFLOCATION will not cause the cookie to be set.
          • 2. Re: Test browser accepting cookie
            MikerRoo Level 1
            If your server is set up the standard way (recommended), you can merely check for the existence of a standard cookie.
            "CFTOKEN" for example.

            Otherwise, the detection process is outlined here:
            http://www.coldfusioncookbook.com/entry/91/How-can-I-detect-if-the-browser-accepts-cookies?

            Finally, if you are using cookies for Client var storage, keep in mind that the user can see and alter anything that you store on his machine (may or may not be a problem).

            For sensitive client var storage, use the database mechanism. (NEVER, EVER, use the registry!)
            • 3. Re: Test browser accepting cookie
              doug777 Level 1
              Thanks for all replies.

              I intend to use database storage for the Client variables and thanks for the warning about the registry. Why is this set as the default - it sounds a horrible solution even to me?

              Am I right in thinking that my index page (which gets hit only once in any session and contains the code to find out which database the client belongs to and then sets the necessary variables) should be where I set clientManagement on and not in the Application page as all the books suggest?

              If I then check to see if CFToken has been set in this index page, will it actually have been set by that time or not?

              Doug
              • 4. Re: Test browser accepting cookie
                MikerRoo Level 1
                A lot of people have rightfully said that the registry should not even be an option and registry abuse has contributed to CF's reputation as unstable.
                Adobe even tells you not to use it. So why is it the default?! ... ...

                The cookie check and all client and session settings should be wherever you have your cfapplication tag. It is a good idea to have all of this in Application.cfm and a better idea to use Application.cfc.

                Yes, 95% of the time, the CFToken or CFID will be set by the time your code fires (if cookies are enabled).
                In any case:
                1) Check for CFToken. If present use cfcookie with confidence and process the page.
                If not present, use the cookie check scheme outlined by Massimo (url above).
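
One way to implement the two-step check described in the reply above, for Application.cfm. This is an added example, not code from the thread or from the linked cookbook entry. The names cookieProbeDemo, exampleDSN, COOKIEPROBE, url.cookieProbe and request.cookiesEnabled are assumptions made for illustration.

```cfml
<!--- Added example; all application, datasource, cookie and variable names
      here are hypothetical. --->
<cfapplication name="cookieProbeDemo" clientmanagement="yes"
               clientstorage="exampleDSN" setclientcookies="yes">

<!--- Inspect the Cookie header the browser actually sent. The Cookie scope
      also holds values assigned earlier in this same request, so testing
      the scope alone cannot show that the browser returned anything. --->
<cfset sentToken = REFindNoCase("(^|; *)CFTOKEN=", cgi.http_cookie) GT 0>
<cfset sentProbe = REFindNoCase("(^|; *)COOKIEPROBE=", cgi.http_cookie) GT 0>

<cfif sentToken OR sentProbe>
    <!--- A cookie set on an earlier response came back. --->
    <cfset request.cookiesEnabled = true>
<cfelseif StructKeyExists(url, "cookieProbe")>
    <!--- Second leg of the probe and still no cookie: the browser refused it. --->
    <cfset request.cookiesEnabled = false>
<cfelse>
    <!--- First leg: send a throwaway cookie and redirect back to this page.
          The redirect is built with cfheader rather than cflocation so the
          Set-Cookie header goes out with the 302 response. --->
    <cfset probeTarget = cgi.script_name & "?cookieProbe=1">
    <cfif Len(cgi.query_string)>
        <cfset probeTarget = probeTarget & "&" & cgi.query_string>
    </cfif>
    <cfheader statuscode="302" statustext="Found">
    <cfheader name="Set-Cookie" value="COOKIEPROBE=1; Path=/; HttpOnly">
    <cfheader name="Location" value="#probeTarget#">
    <cfabort>
</cfif>

<!--- request.cookiesEnabled only says the browser returns cookies. The values
      themselves are client-controlled, so keep sensitive client variables in
      the datasource and never base an authorization decision on this flag. --->
```

Pages can then read request.cookiesEnabled and show the "please unblock cookies" message when it is false. Because the check runs on every request, it also notices cookies being switched off in the middle of a session.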
                • 5. Re: Test browser accepting cookie
                  doug777 Level 1
                  Regarding where to put the code:

                  If all this goes in Application.cfc then doesn't it run unnecessarily every time a new page is requested? Whereas if it is in my index.cfm page, it runs only once per session.

                  I can see why Session variable control should be in Application, but can't get my head round why this code needs to be there.

                  Doug
                  • 6. Re: Test browser accepting cookie
                    MikerRoo Level 1
                    Yes, the code would get triggered with every request.
                    But then again lots of code, like cfapplication, etc. gets triggered by every request.

                    If you use the methods suggested, the cookie check adds no detectable extra time (unless cookies are disabled).

                    Also, I won't ask how you restrict the index page to once per session but consider:

                    The user can (and power users often do) delete or turn off cookies while the session is still valid.
                    (Hackers and script-kiddie bots will also change cookies in an attempt to hijack a session.)

                    You don't have to put all the persistent scope checking/init in the same place -- it's just a best practice.

                    • 7. Re: Test browser accepting cookie
                      doug777 Level 1
                      I hadn't thought of the security implications.

                      Thanks so much for all your advice!!

                      Doug
                      • 8. Re: Test browser accepting cookie
                        MikerRoo Level 1
                        You're welcome!

                        Now that I've made you sufficiently suspicious ;-),
                        please remember that cookies can still be useful -- but just to improve the user experience (unless you are one of the bad guys, then they get even more useful).