This is dabbling toward to edges of my expertise, but the error says "no new lines" and your $cookie assignment adds \n (new lines) to the string. Maybe relevant if you are interested in why this is a bad idea: [http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cfml/header_manipulation_cookies.html].