Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is a Coldfusion Session?

I've used Coldfusion sessions for quite a while, so I know how they are used, but now I need to know how they work, so that I can plan for scaling my website.

Is a Coldfusion user 'session' simply a quick method to setup 2 cookies (CFTOKEN and CFID) and an associated server side memory structure? (the SESSION scope) Does it do anything else? I'm trying to identify the overhead associated with user sessions versus other methods such as cookies.

like image 488
Dan Sorensen Avatar asked Dec 11 '09 17:12

Dan Sorensen


People also ask

How do I turn on session management in ColdFusion?

In the ColdFusion Administrator, select Memory Variables from the main menu: For ColdFusion session variables: check the box next to "Enable Session Variables." This will set the Session. SessionID value equal to the Application name, CFID, and CFTOKEN values.

How do you delete a session in ColdFusion?

The variables SessionID, CFID, and CFTOKEN are set once by ColdFusion instead of on every request. When you use theStructClear(Session) function, it will clear the SessionID, CFID, and CFTOKEN variables because they are set once and they are in a Struct.

What is CFID and Cftoken in ColdFusion?

To use client and session variables, ColdFusion must be able to identify the client. It normally does so by setting the following two cookie values on the client's system: CFID: A sequential client identifier. CFToken: A random-number client security token.

Do session variables use cookies?

Yes, Session management is done using a kind of session-id i.e. cookies. cookies maintained in the browser help backend to identify users.


2 Answers

Your understanding of them is basically correct. Although they are not bound to the cookies. The cookies are a recording of a token. That token can get passed in the url string if cookies are not enabled in the browser.

There are 2 main advantages I see of saving things in session instead of cookies:

  1. You control the session scope. People can't edit the data in the session scope without you providing them an interface. Cookies can be modified by the client.
  2. Complex data like structures, arrays, objects, network sessions (FTP, exchange) can be stored there.

Their memory overhead is "low" but that's a relative term. Use the ColdFusion Admin Server Monitor to drill into how much memory your sessions are actually using.

like image 147
Terry Ryan Avatar answered Sep 19 '22 07:09

Terry Ryan


First of all, Session is scope: secure and efficient way to keep current user attributes like permissions or preferences. Not sure what do you mean under "other methods", but I doubt that you'll be able to keep complex data structures (query,object,array) in cookies.

Second, application server provides you with really handy event handlers specially for sessions: onSessionStart() and onSessionEnd().

Third, sessions can be pretty easily shared and clustered: between CF applications or between CF and J2EE.

like image 30
Sergey Galashyn Avatar answered Sep 22 '22 07:09

Sergey Galashyn