Ouch - this cookie bug has teeth

This post is more than 2 years old.

Thanks to my buddy Nick Hill for finding this and Jason Dean for making an even simpler demo. Looks like there is a pretty serious bug with the Cookie scope in CF9. If you attempt to use structClear to remove cookies, ala:

<cfset cookie.test = 3 /> <cfset cookie.hammer = 5 />

<cfset structClear(cookie) />

You will get an array index out of bounds error. If you switch to using structDelete and the individual cookies you end up with the cookies still there but with no value, which may be fine. You get the same with cfcookie/expires=now.

You want to watch out for this if you use structClear(cookie) as your logout function (as Nick did). If you want to vote for this bug (although seriously- does this need to be 'voted'??) then you can go here: http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html#bugId=82723

Raymond Camden's Picture

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by JC posted on 4/21/2010 at 12:14 AM

StructClear cookie has never actually cleared cookies, has it? It only clears out the struct CF stores them in after reading them... the next page the user loads still has cookies.

Comment 2 by Raymond Camden posted on 4/21/2010 at 12:18 AM

I believe it did. (No way to test right now though!)

Comment 3 by Brian Meloche posted on 4/21/2010 at 12:30 AM

+1 on this. I ran into this one myself on a LightFront application recently.