Although the CLI[NTSTORAGEattribute of the CFAPPLICATIONtag offers three types of storage options, cookies will be used no matter which option you specify (unless you have set the SETCLIENTCOOKIES attribute to No).Remember that the CFIO and CFTOKEN values are still stored as cookies on the client even if the storage option has been set to registry or the name of a data source. This is so that a particular client can be recognized when they return to your application. Therefore, client infer-nation is, by default, stored in two places:
Cookies The CFID and CFTOKENvalues are stored in a cookie on the client,
Registry The built-in client variables (CFIO,CFTOKENURLTOKEN Count, and Time Created) as well as any other client variables are stored in the server registry (unless you have specified a different default storage mechanism).
You can delete client data from the registry and from cookies in several ways. These possibilities are discussed in the following sections.
If you have chosen to store your client data in a data source or as cookies, then you can delete them in the standard way:
Data source Use CFQUERYto delete records or field values in the client storage data source. See Chapter 10, “Using CFQUERY and SQL to Interact With the Database.”
Cookie Use the CFCOOKIEtag and set the EXPIRESattribute equal.
Deleting a Single Client Variable
If you need to delete only a single client variable that you have set, you use the Delete-ClientVariable function.
Delete ClientVariable takes one argument: the name of the client variable to be deleted. If you know the name of the client variable you wish to delete, you can use the following code. If the client variable you are attempting to delete roes not exist, you will not receive an error and your application will continue to work as before.
<CFSETdeleted – DeleteClicntVariable(‘client.user_name’) Delete confirmed? <CFOUTPUT>#deleted#</CFOUTPUT> In this code, the variable deleted will return a Yes or No value, depending upon whether client . user_name existed and was successfully deleted.
Deleting All Client Variables
If you want to delete all client variables, you could loop through GetClientVariables- List and deletaeach client variable in the list as shown in the following code. For this code, you do not have to know the name of each client variable.
Deleting Client Cookies
If you would like to also delete the CFID, CFTOKEN, and! or CFGLOBALS cookies on the client side, you would use the following code. This code is useful if you no longer want the user to have access to any client variables. The next-time the client accesses a page, they will be assigned a new CFID and CFTOKENunless you have added some login procedure.
Managing Client State Management and Cookies
Describes several limitations of using cookies to store any client variables.
Passing CFID and CFTOKEN
In Chapter 4.you learned how to work with cookies. The cookie is set by sending a cookie’ header through the browser. After this header has been received and processed by the server, then the cookie is available for use.
Unfortunately, when using CFLOCATIONa,redirection header is sent through the browser. This header.cancels out the cookie header and therefore prevents the cookie from ‘being set.As a result, you cannot use CFLOCATIONand CFCOOKIEin the same template. This restriction is important to understand when using client management, because the CFIO and CFTOKENcookies can be set on any page in your application framework. If you were using CFLOCATIONth,en this would normally cause a problem. Luckily, Cold Fusion automatically adds the URLTOKENclient variable to the CFLOCATIONheader. The only problem is that the CFIOand CFTqKENcan then be viewable m~e browser’s location bar.
To prevent this from happening, you can use the CFLOCATIONattribute ADDTOKEAND. DTOKEN can be set to Yes or No.The syntax is <CFLOCATION home . cfm” ADDTOKEN'” ‘No’). This will prevent the URLTOKENfrom being passed.