Session & Application Management
- To understand the difference between ColdFusion session management and J2EE session management.
- To use the <cfapplication> tag is used to set defaults for session state management.
- To use Application variables.
- To use session variables to remember that the users are logged in as they go from page to page.
- To understand the basics of structures.
- To use cookies to make it easier for users to log in on future visits.
Sessions
A session begins when a visiting client somehow identifies itself to the web server. The web server assigns the client a unique session id, which the client uses to re-identify itself as it moves from page to page on the website. Most of the time, these unique ids are stored in session cookies that expire after the client hasn't interacted with the server for some amount of time. The amount of time varies depending on the web application. For example, an online investment site might have very short sessions, so that if a user leaves her computer without logging out, another user who sits down at the same computer several minutes later cannot continue with the first user's session.
Configuring Sessions
The picture above shows the Memory Variables settings in ColdFusion Administrator,
where Session management is configured.
J2EE Session Variables
The first checkbox gives the option of using J2EE session variables instead of ColdFusion session variables. The two major advantages of using J2EE session variables are:
- Sessions end when a user closes the browser. This is not the case with ColdFusion session variables.
- The Session scope is serializable, which allows session variables to be shared across servers. Again, this is not the case with ColdFusion session variables.
There is really no downside to using J2EE session variables, so it is recommended that you check this box.
Enabling Application Variables
The second checkbox gives the option to enable Application variables. Application variables are shared between all users of the application and live until ColdFusion Application Server is shut down, they are explicitly deleted, or the application times out due to a setting in <cfapplication>.
Application variables are useful for storing data such as data source names and file paths that are the same for all users over the life of the application, so it is recommended that you check this box.
Enabling Session Variables
The third checkbox gives the option to enable Session variables. Session variables are variables that are specific to a user's session (or visit) on the site. If session variables are not enabled, it becomes very difficult to track a user throughout his visit, so it is recommended that you check this box as well.
The <cfapplication> Tag
The <cfapplication> tag is used to:
- Define the name of a ColdFusion application.
- Enable or disable Client variables.
- Specify where Client variables are stored.
- Enable Session variables.
- Set Application variable timeouts.
| Attribute | Description |
|---|---|
| name | Name of application. |
| loginStorage | Where to store login variables (in Cookies or Session). |
| clientManagement | Enable client variables. Default is "No". |
| clientStorage | Where to store client variables. |
| setClientCookies | Enable cookies. Default is "Yes". |
| sessionManagement | Enable session management. Default is "No". |
| sessionTimeout | Lifespan of session variables. |
| applicationTimeout | Lifespan of application variables. |
| setDomainCookies | Sets CFID and CFTOKEN for a domain. |
The <cfapplication> tag is most often used at the top of the Application.cfm file. A typical <cfapplication> tag looks like this:
<cfapplication sessionmanagement="yes" clientmanagement="yes" name="RunnersHome">
If sessionTimeout and applicationTimeout are not defined in the <cfapplication> tag, as in the tag above, the default values set in ColdFusion Administrator are used.
Basics of Structures
A ColdFusion structure is a data type that can be used to hold collections of like data. ColdFusion provides many functions to make it easy to work with and manipulate structures. A few of these functions are described in the table below.
| Function | Description |
|---|---|
| IsStruct | Returns true if the specified variable is a structure. |
| StructNew | Creates a new structure. |
| StructClear | Removes all data from specified structure. |
| StructDelete | Removes the specified item from the specified structure. |
| StructFind | Returns the value associated with the specified key in the specified structure. |
The example below creates a structure called person, adds properties to the structure, deletes a property and then loops through a substructure.
Code Sample: SessionAndApplication/Demos/Structure.cfm
<html> <head> <title>Structure Demo</title> </head> <body> <cfset person = StructNew()> <cfset person.firstName = "Paul"> <cfset person.lastName = "McCartney"> <cfset person.age = 61> <cfset person.talents.sing = True> <cfset person.talents.playsGuitar = True> <cfset person.talents.bungyJumps = False> <cfset StructDelete(SESSION, "username")> <cfoutput><p>Structure Elements: #StructCount(person)#</p></cfoutput> <ul> <cfloop collection="#person.talents#" item="talent"> <cfoutput><li>#talent#: #person.talents[talent]#</li></cfoutput> </cfloop> </ul> </body> </html>
The Session, Application, and Client scopes are all available as ColdFusion structures, which means that they can be manipulated using the Structure functions.
Session Example
Code Sample: SessionAndApplication/Demos/Session1.cfm
<cfset SESSION.SessVar = "Hello world!"> <html> <head> <title>Session Page 1</title> </head> <body> The content of SESSION.SessVar is <cfoutput>#SESSION.SessVar#</cfoutput>. <a href="Session2.cfm">Next page</a> </body> </html>
This page sets and outputs a session variable.
Code Sample: SessionAndApplication/Demos/Session2.cfm
<html> <head> <title>Session Page 2</title> </head> <body> The content of SESSION.SessVar is still <cfoutput>#SESSION.SessVar#</cfoutput>. <cfset StructDelete(Session,"SessVar")> <a href="Session3.cfm">Next page</a> </body> </html>
This page outputs the same session variable and then deletes it with StructDelete().
Code Sample: SessionAndApplication/Demos/Session3.cfm
<html> <head> <title>Session Page 3</title> </head> <body> The content of SESSION.SessVar is no longer <cfoutput>#SESSION.SessVar#</cfoutput>. </body> </html>
This page tries to read the deleted session variable and fails. It errors with a message like " Element SESSVAR is undefined in SESSION."
Cookies
Cookies are small text files that sit on the client machine. Web pages with the right permissions can read from and write to cookies. They are generally used to track user information between visits.
In ColdFusion, cookies are set with the <cfcookie> tag, which takes several attributes.
| Attribute | Description |
|---|---|
| name | The cookie's name (required). |
| value | The cookie's value. |
| expires | The cookie's expiration date (if this isn't set, the cookie will expire when the browser window is closed). |
| secure | A flag indicating whether the cookie should only be read over https. |
| path | The directory path on the server that can read the cookie. |
| domain | The domain name that can read the cookie. |
The following code will set a cookie that expires in one week.
<cfcookie name="firstname" value="Paul" expires="7">
The following code will set a cookie that expires in on December 31, 2008.
<cfcookie name="firstname" value="Paul" expires="12/31/08">
The following code will set a cookie that never expires.
<cfcookie name="firstname" value="Paul" expires="never">
To delete a cookie, set the expiration date to now(), like this.
<cfcookie name="firstname" value="Paul" expires="now">
Session & Application Management Conclusion
Session management is a key aspect necessary to create "web applications" from sets of web pages. In this lesson, you have learned to work with Session and Application variables and cookies. You have also learned how to use the <cfapplication> tag and how to work with structures.