how can make it persist across for 90 days if i had set it as expire in 90 days

See if you can find/apply the correct settings in your application's CFAdmin GUI - under Server Settings - Client Variables and Server Settings - Memory Variables. That'd be where I'd check for cookie settings.

By default cookies you create a 'session' only. If you want it to persist use the

expires

attribute

i am using like this private void function setAuthMethodCookie(required string authMethod) { cfcookie( httpOnly=true, expires=90, name="loginType", value=arguments.authMethod, secure=true); }

You can’t rely upon cookies alone to persist information. They are specific to the client machine and browser and can never be used to guarantee information.

The user doesn't necessarily have to intentionally delete a cookie for things to fail. Accidental deletions and errors during cookie-writing are common. There is one simple solution. Do a check, before cfcookie runs, to verify whether the cookie has persisted? If it hasn't, set it.

Thanks, We are not completely replying on cookies, its just a matter that we have to reply in a case if person's login method is setup as intra or something so i think in this case its working fine but its working browser to browser, how can i share cookies across browser, that is the solution i am trying to find

You can’t. You can, however, clear the database if you have the user id and set the cookie again if they’re on a new browser.

@gsr, thanks for clarifying. I don't yet understand what you mean by "...its working browser to browser, how can i share cookies across browser." Could you please explain? For example, what do you want to happen?

well, the setup is complex, but the we are using SSO, and in couple of cases, we store the cookie if the user has the Microsoft EntraID and in that cookie, we knows they logged with this and so far so good, not if they browsers and do it again, it does not find the cookie becuuse its browser to browser, they have to go one more step forward to make sure they check it first before they can login to Microsoft account, so i just want to save that step or there is one idea, i am getting i can make thier entry in the database and sets its expiry date and that when expiry is reached it will delete cookie from database, the cookie in browser will keep on working as is, i just need to add a piece of code in my main application to checkk if the record exists for that user and is active and not expired i think that should work

I would use a dedicated link with all of the required arguments for each user and function instead. Cookies are not made for what you were trying to do.

I am not trying to I have applied all techniques available and this option we concluded too because we have a closed system It’s not open I have given up on why I was trying because data is not shareable between browsers so can’t use database as manual things are required so I can’t really apply that in database or file system

You say you were looking for a "file system". Isn't cookie-writing just another "file system"? Luckily, you've found that it doesn't work anyway. Cookies are inherently browser-specific for privacy and security reasons. Let's assume that you succeeded in finding a "file system" that could pass Browser1 authorization information to Browser2. This would mean that your application did enable client-side authorization. I think that that is not good practice, even in a closed environment..