2

If you set Cookie Timeout in CF Admin to -1 minutes, then CFID and CFTOKEN become session cookies, which expire when you quit the browser. However, that means they DON'T expire UNTIL you quit the browser, not ideal.

Is there any way to have them expire in 20 mins (say), OR when you quit the browser?

Adam Cameron
  • 29,677
  • 4
  • 37
  • 78
enigment
  • 3,316
  • 7
  • 30
  • 35
  • 1
    I'm pretty sure you can't set both in the cookies, but: you could set the starting time for that cookie in the session scope and check for the expiration of 20min on the next page request. In that request you can set the cookie values/attributes to force expiration. – AndreasRu Aug 22 '22 at 21:51

1 Answers1

0

Pretty sure this question has already been asked & answered: "Can a cookie expire when EITHER some time passes OR browser is closed?" ?

What you are asking is for a cookie to have no expiry (so it deletes when the browser closes) but also does have an expiry (after n minutes). It can't do both at once obviously.

I'd set the cookie to have no expiry so it deletes when the browser closes, and - as @AndreasRu suggests - maintain the session duration/idle-timeout on the CFML server.

Adam Cameron
  • 29,677
  • 4
  • 37
  • 78