Skip to Content

How to Set Cookies with the CFCookie Tag in CFML

In this tutorial, we'll discover how to create and manage client-side and server-side cookies with the cfcookie tag in CFML with both tag syntax and script syntax. The max cookie storage available is 4,096 bytes, or 4 kilobytes, and can only be stored as a plain string.

The Attributes

Here is a list of the attributes for the cfcookie tag:

  • name string - The alpha-numeric name of the cookie variable. CFML converts all cookie names to uppercase lettering.
  • value string - The value assigned to the cookie variable. You can pass a plain text string or a variable with a string data type.
  • expires any - The expiration date or timeframe for the associated cookie. By default, the cookie is considered "session only" and expires when the user closes the browser tab or window. You can set a date (for example, 07/18/23). You can set a numeric value indicating the number of days until the cookie expires (for example, 30 or 365). You can also set either "now" to delete the cookie now or "never" to delete the cookie in 30 years from the time it's created.
  • secure boolean - Indicates that the cookie can only be assigned or manipulated in a secure SSL environment.
  • path string - The query string within the domain where the cookie applies. By default, all pages on the server can access the cookie, but you can set a custom path (for example, path="/path/to/page")
  • domain string - The domain name in which the content can be assigned or accessed by the user. The domain name must start with a period (for example, "").
  • httpOnly boolean - If set to yes, the cookie can only be created or manipulated server-side. This attribute was introduced in ColdFusion 9.
  • encodedValue boolean - Specifies whether or not the cookie should be encoded. This attribute was introduced in ColdFusion 10.
  • preserveCase boolean - Determines whether or not the cookie name should remain case-sensitive. This attribute was introduced in ColdFusion 10.
  • sameSite string - Determines whether or not a cookie can be accessed. Values include strict, lax, or none. This attribute was introduced in ColdFusion 2018 and Lucee

Code Examples

Tag Syntax

Here, we'll create a cookie named myCookie that never expires and has a simple string value. The cookie is created for and can only be accessed by this domain in a secure environment (SSL) and is accessible through every path in the site:

<cfcookie name="myCookie"
value="This is a test"
httpOnly="yes" />

Script Syntax

value="This is a test",
cookie.myCookie = {
value="This is a test",

Using the cfheader tag

<cfheader name="Set-Cookie"
value="value=This is a test; expires=never;; path=/; secure=yes; httpOnly=yes;" />

Access and Output A Cookie's Value

Now that you've created your cookie, you can access it using the cookie scope:


You can easily check if a cookie exists in the user's browser with CFML's built-in StructKeyExists() function before outputting it to the screen. This is the best practice to ensure an error is not thrown on the page:

<cfif StructKeyExists(cookie, "myCookie")>

Another way to check for cookie existence is with CFML's isDefined() function:

<cfif isDefined("cookie.myCookie")>

To see all accessible cookie data, use the cfdump tag and pass the cookie scope:

<cfdump var="#cookie#">

To delete a cookie, set the expires attribute to now:

<cfcookie name="myCookie" expires="now" />


That covers everything you need to know about cookies in CFML. If you have any questions or need assistance, feel free to reach out in the comments section below.

Created: July 18, 2023


There are no comments yet. Start the conversation!

Add A Comment

Comment Etiquette: Wrap code in a <code> and </code>. Please keep comments on-topic, do not post spam, keep the conversation constructive, and be nice to each other.