Session Variables

From Hostek.com Wiki
Jump to: navigation, search


ASP Session Variables

Here is a simple Session test for ASP to verify the Session is working:

<%
Session("myCounter") = Session("myCounter") + 1
Response.Write "Counter: " & session("myCounter")
%> 
Click <a href="sessiontest.asp">here</a> to refresh which should increment the Counter.

ColdFusion Session Variables

How to verify ColdFusion Session Management is working

By default the Session Timeout is set to 20 minutes.

Here is a sample script to verify the ColdFusion Session variables and ColdFusion Session in general is working.

This is handled differently based on whether you are using Application.cfm or Application.cfc, so be sure to note which one you are using. If using Application.cfm, you need to make sure your application.cfm file is set to handle session variables. To do this, make sure you have sessionmanagement="yes" like:

<cfapplication sessionmanagement="yes">

If using Application.cfc, you need to make sure your application.cfc is set to handle the sessions variables properly. Here is an example for that:

<cfcomponent>
<cfset this.name = "myApplication">
<cfset this.Sessionmanagement = TRUE>
</cfcomponent>

Now create a new page named sessiontest.cfm and add this code:

<cfif IsDefined("SESSION.MyCount")>
  <cfset SESSION.MyCount = #SESSION.MyCount# + 1>
  Current Count is: <cfoutput>#SESSION.MyCount#</cfoutput><BR>
  The current time is <cfoutput>#Now()#
  <br />
  Server: #CGI.SERVER_NAME#
  </cfoutput>
  <BR>
<cfelse>
  <cfset SESSION.MyCount = 1>
  <cfoutput>Count: #SESSION.MyCount#
  <br />
  Server: #CGI.SERVER_NAME#
  </cfoutput>
</cfif>
<A HREF="sessiontest.cfm">Test Session</A>

Now load the page in your browser and click the Test Session link to verify it's working.

Important: If you are on a Linux-based ColdFusion server, you MUST capitalize the 'A' in 'Application.cfm' or 'Application.cfc'. If you do not do this, ColdFusion will not recognize your 'Application.cfm' or 'Application.cfc' file.

Delete Session Cookies

On ColdFusion pages, you can use the following code to delete a users session cookies when he closes the browser:

<!---Kill user session if user closes browser--->
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
<cfset Variables.cfid_local = Cookie.CFID>
<cfset Variables.cftoken_local = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#Variables.cfid_local#">
<cfcookie name="CFTOKEN" value="#Variables.cftoken_local#">
</cfif> 

CF 10 considerations

If you use ColdFusion 10 and try to implement the above code you may encounter the following error:

"Failed to set cookie. ColdFusion is unable to add the cookie you specified to the response."

This is because we have the setting for "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" enabled on our servers to help add an additional layer of security.

Solution

To bypass this so you can update/modify any cookies set with "cfcookie" and "cfheader" you will need to add the following code to your Application.cfc:

<cfset this.sessioncookie.disableupdate = false>
<cfset this.authcookie.disableupdate = false>

Adjusting Session Timeouts

Our ColdFusion servers have a default session timeout of two (2) hours. If you wish to adjust that, you can do so through your Application.cfm or Application.cfc files.

If using Application.cfm

This <cfapplication> tag specifies a custom session timeout of 3 hours and 30 minutes:
<cfapplication name="myawesomeapp"
     sessionmanagement="Yes"
     sessiontimeout="#CreateTimeSpan(0,3,30,0)#">

If using Application.cfc (tag-based)

Use this code (adjusting the timespan as necessary) to set your custom session timeout:
<cfset this.sessiontimeout = CreateTimeSpan(0,3,30,0) />

If using Application.cfc (cfscript)

Use this code (adjusting the timespan as necessary) to set your custom session timeout:
this.sessionTimeout = createTimeSpan(0,3,30,0);

Using J2EE Session Variables

If you are on a J2EE Session enabled servers (all new ColdFusion accounts are on such servers), instead of using SESSION.JSESSIONID just use SESSION.SESSIONID instead.

If you need to access cfid and cftoken, they are within Session.URLToken. Per Adobe:

Session.URLToken: A combination of the CFID and CFToken cookies and the J2EE session ID, in the form CFID=IDNum&CFTOKEN=tokenNum&jsessionid=SessionID.



If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.

Maintaining Sessions Across Subdomains

Enable setDomainCookies in Your Application

The first thing to try when your application needs to maintain session state across subdomains is to enable the setDomainCookies attribute of your application.

Enable setDomainCookies in Application.cfm

Add the following attribute within your cfapplication tag:

   setDomainCookies="yes"
Enable setDomainCookies in Application.cfc (tag-based)

Add the following line below the cfcomponent tag:

   <cfset this.setDomainCookies=true>
Enable setDomainCookies in Application.cfc (cfscript)

Add the following line below the opening of your component:

   this.setDomainCookies = true;

Alternative to setDomainCookies

If enabling setDomainCookies does not work as expected in your application, then you can use the following alternative to set the cookies manually.

First, disable setClientCookies for the application:

Disable setClientCookies in Application.cfm

Add the following attribute within your cfapplication tag:

   setClientCookies="no"
Disable setClientCookies in Application.cfc (tag-based)

Add the following line below the cfcomponent tag:

   <cfset this.setClientCookies=false>
Disable setClientCookies in Application.cfc (cfscript)

Add the following line below the opening of your component:

   this.setClientCookies=false;

Next, use the following code to set session cookies for your application. If you're using cfapplication the code must go after that tag. If you're using Application.cfc you could place the code in the onRequestStart() function:

    <cfcookie name="cfid" 
      domain=".yourdomain.com" 
      value="#session.cfid#"> 
         
    <cfcookie    name="cftoken" 
      domain=".yourdomain.com" 
      value="#session.cftoken#"> 
         
    <cfcookie name="jsessionid" 
      domain=".yourdomain.com" 
      value="#session.sessionid#">

More information on this approach is available at the ColdFusion Muse blog.

PHP Session Variables

Here is an example of testing Session Variables in PHP to verify they are working:

<?php
session_start();
if(isset($_SESSION['views']))
$_SESSION['views']=$_SESSION['views']+1;
else
$_SESSION['views']=1;
echo "Views=". $_SESSION['views'];
?> 

Click <a href="sessiontest.php">here</a> to refresh which should increment the number of Views.