SESSION Variables

Previous page
Table of content
Next page

SESSION Variables

SESSION variables are memory-resident variables that are saved in the server's memory (just like APPLICATION and SERVER variables). However, although SESSION variables maintain information about one user rather than an entire application or server, they are still tied to one application.

Preparing to Use SESSION Variables

SESSION variables track a user through an application, and their use is intrinsically tied to the application. To use SESSION variables you must enable them:

  • If using Application.cfc, use <cfset THIS.sessionManagement="true"> to enable session use, and THIS.sessionTimeout to specify the timeout value.

  • If using Application.cfm, use <cfapplication sessionManagement="true"> to enable session use, and the sessionTimeout attribute to specify the timeout value.

By enabling sessionManagement, you tell the ColdFusion server to allow you to use SESSION variables. The sessionTimeout uses the CreateTimeSpan() function to declare how long you want SESSION variables to stay in the server's memory.

NOTE

By specifying a sessionTimeout value you can set how long you want your SESSION variables to persist. However, when using this attribute, you can never exceed the maximum time limit set in the ColdFusion Administrator.


When a new session is created, ColdFusion assigns an id to it. ColdFusion supports two forms of SESSION variables (and thus IDs):

  • If using ColdFusion-managed SESSION variables, two variables are automatically created: CFID and CFTOKEN. Both of these variables are used to identify specific sessions.

  • If using J2EE-managed SESSION variables, a single variable named jsessionid is used to identify specific sessions.

The type of SESSION variable used is a server-wide setting specified in ColdFusion Administrator.

TIP

One benefit of J2EE-managed sessions is that they may be shared with Java code (servlets, for example). Another important benefit is that J2EE servers can replicate SESSION data across servers (including ColdFusion data if the J2EE server manages sessions).


NOTE

SESSION variables use cookies to store copies of the ID in order to track the user to one particular browser. However, no other information is stored in cookies.


Using cookies to store the ID is the preferred and easiest way to use SESSION variables. However, some applications are built for an audience whose browsers do not accept cookies. In that case, you will have to pass both variables manually using URL and FORM variables.

NOTE

If you use <cflocation>, you can have ColdFusion pass the ID for you by using the attribute add token and setting it to yes.


TIP

If you are working with multiple subdomains and need the SESSION variables to be available to all of them, you can set the setdomaincookies attribute (in the Application.cfc or the of the <cfapplication> tag) to true. The setdomaincookies attribute tells the server to allow the CFID and CFTOKEN to be recognized by both all hosts within a domain. This attribute is also useful in a clustered environment.


Creating SESSION Variables

After you have prepared the environment to use SESSION variables, you create them using <cfset>, just as with local variables, except that you add the prefix SESSION to them:

 <cfset SESSION.FirstName="Emily">

After you create the SESSION variable, it is available until the session expires.

TIP

You can also use <cfparam> to create and set default values for SESSION variables.


<cfparam> was introduced in Chapter 2, "Working with Variables and Expressions."


The ColdFusion server stores all SESSION variables in structures. Therefore, you should use the structure functions to maintain your SESSION variables.

NOTE

COOKIE variables are also stored as structures.


Structures are discussed in Chapter 15, "Structures."


Using SESSION Variables

SESSION variables can be simple (numbers, text) or complex (arrays, queries, structures, and more). As they are tied to clients, are so simple to set and edit SESSION variables, and they can store just about any type of data, they plan an important role in user settings, application security, and application optimization.

Some common uses for SESSION variables include:

  • Managing logins and logouts, SESSION variables maintain the login state.

  • Storing shopping carts.

  • Remembering user options (colors, language choices, and more).

  • Storing search results.

As already explained, <cfset> can be used to both create and update SESSION variables. To delete session variables use the StructDelete() function (specifying SESSION as the name of the structure from which to delete a member).

TIP

ColdFusion session variables persists even after the browser is closed. If you close your browser before the timeout period is up and then reopen your browser to access the site again, you will find that the session is still active. This could be a problem if there is a chance that another user could access the program within the time-out period. You can rectify this problem by converting the ID variables into browser-session cookies. J2EE session variables do not behave this way, and will not persist after the browser is closed.



Previous page
Table of content
Next page
Macromedia ColdFusion MX 7 Certified Developer Study Guide
Macromedia ColdFusion MX 7 Certified Developer Study Guide
ISBN: 0321330110
EAN: 2147483647
Year: 2004
Pages: 389
Authors: Ben Forta
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
PMP Practice Questions Exam Cram 2
802.11 Wireless Networks: The Definitive Guide, Second Edition
VBScript in a Nutshell, 2nd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy