ColdFusion sets the CFID and CFTOKEN cookie on every single page, obviously connecting that to a session on the server.
However, with the EU cookie law coming up I'm not sure how to sort this out. The CFID and CFTOKEN cookie is only needed if I need to use the SESSION scope in my application.
Probably 90% of our website tools don't need to use the session. However our login system obviously uses the SESSION, and we have a few tools that we store user preferences in.
If I disable the CFID and CFTOKEN cookie from being set in the ColdFusion administrator, can I later turn that on for individual requests, on a per-user basis?
i.e. if a user says "yes I want cookies", can I then request a ColdFusion page that sets the cookies for future use?
Sorry if that question is a little unclear.
OK, if you don’t want to rely on the exception there’s a couple of possibilities:
If you really want to disable/enable cookies dynamically you can use the setclientcookies="no" attribute in the cfapplication tag. This could be a dynamic value depending on whether they had accepted or not — so it defaults to no, but if they select to accept cookies later would switch to yes.
Or you could do away with cookies altogether and simply pass URL parameters — see “Using client and session variables without cookies”.
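The dynamic setclientcookies approach from the answer above, as an added example that is not part of the original thread. It assumes ColdFusion-style CFID/CFTOKEN sessions rather than J2EE sessions; the cookie name COOKIE_CONSENT, the application name and the file names are made up for illustration.

```cfml
<!--- Application.cfm: runs at the start of every request --->
<!--- COOKIE_CONSENT is a hypothetical cookie name chosen for this example --->
<cfset consentGiven = structKeyExists(cookie, "COOKIE_CONSENT") and cookie.COOKIE_CONSENT eq "yes">

<!--- CFID/CFTOKEN cookies are only issued once consent has been recorded.
      Until then a request that carries no identifiers cannot be tied to an
      earlier session, so do not depend on SESSION values surviving between
      requests for visitors who have not accepted. --->
<cfapplication
    name="consentDemo"
    sessionmanagement="yes"
    sessiontimeout="#createTimeSpan(0, 0, 30, 0)#"
    setclientcookies="#consentGiven#">

<!--- accept-cookies.cfm: hypothetical target of the consent form --->
<!--- Only a POST records consent, so a plain link or image request cannot set it --->
<cfif cgi.request_method eq "POST" and structKeyExists(form, "accept") and form.accept eq "yes">
    <!--- The consent flag itself holds no session data; httponly keeps it away from page scripts --->
    <cfcookie name="COOKIE_CONSENT" value="yes" expires="365" httponly="true">
    <p>Preference saved. <a href="index.cfm">Continue</a></p>
<cfelse>
    <form method="post" action="accept-cookies.cfm">
        <button type="submit" name="accept" value="yes">Yes, I want cookies</button>
    </form>
</cfif>
```

The session cookies appear on the first request after the consent cookie is stored, because Application.cfm has already run by the time accept-cookies.cfm sets it.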