Difference between revisions of "Session Variables"
(→Adjusting Session Timeouts) |
(→ColdFusion Session Variables) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 90: | Line 90: | ||
If you are on a J2EE Session enabled servers (all new ColdFusion accounts are on such servers), instead of using ''SESSION.JSESSIONID'' just use '''SESSION.SESSIONID''' instead. | If you are on a J2EE Session enabled servers (all new ColdFusion accounts are on such servers), instead of using ''SESSION.JSESSIONID'' just use '''SESSION.SESSIONID''' instead. | ||
− | If you need to access ''cfid'' and ''cftoken'', they are within Session.URLToken. [http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7c48.html#WSc3ff6d0ea77859461172e0811cbec0c35c-7ff3 Per Adobe]: | + | If you need to access ''cfid'' and ''cftoken'', they are within '''Session.URLToken'''. [http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7c48.html#WSc3ff6d0ea77859461172e0811cbec0c35c-7ff3 Per Adobe]: |
<blockquote>'''''Session.URLToken''': A combination of the CFID and CFToken cookies and the J2EE session ID, in the form '''CFID'''=IDNum&'''CFTOKEN'''=tokenNum&'''jsessionid'''=SessionID.'' | <blockquote>'''''Session.URLToken''': A combination of the CFID and CFToken cookies and the J2EE session ID, in the form '''CFID'''=IDNum&'''CFTOKEN'''=tokenNum&'''jsessionid'''=SessionID.'' | ||
<br/><br/> | <br/><br/> | ||
''If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.''</blockquote> | ''If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.''</blockquote> | ||
+ | |||
+ | ===Maintaining Sessions Across Subdomains=== | ||
+ | ====Enable setDomainCookies in Your Application==== | ||
+ | The first thing to try when your application needs to maintain session state across subdomains is to enable the '''setDomainCookies''' attribute of your application. | ||
+ | =====Enable setDomainCookies in Application.cfm===== | ||
+ | Add the following attribute within your '''cfapplication''' tag: | ||
+ | setDomainCookies="yes" | ||
+ | =====Enable setDomainCookies in Application.cfc (tag-based)===== | ||
+ | Add the following line below the '''cfcomponent''' tag: | ||
+ | <cfset this.setDomainCookies=true> | ||
+ | =====Enable setDomainCookies in Application.cfc (cfscript)===== | ||
+ | Add the following line below the opening of your component: | ||
+ | this.setDomainCookies = true; | ||
+ | ====Alternative to setDomainCookies==== | ||
+ | If enabling setDomainCookies does not work as expected in your application, then you can use the following alternative to set the cookies manually. | ||
+ | |||
+ | First, disable setClientCookies for the application: | ||
+ | =====Disable setClientCookies in Application.cfm===== | ||
+ | Add the following attribute within your '''cfapplication''' tag: | ||
+ | setClientCookies="no" | ||
+ | =====Disable setClientCookies in Application.cfc (tag-based)===== | ||
+ | Add the following line below the '''cfcomponent''' tag: | ||
+ | <cfset this.setClientCookies=false> | ||
+ | =====Disable setClientCookies in Application.cfc (cfscript)===== | ||
+ | Add the following line below the opening of your component: | ||
+ | this.setClientCookies=false; | ||
+ | |||
+ | Next, use the following code to set session cookies for your application. If you're using '''cfapplication''' the code must go after that tag. If you're using '''Application.cfc''' you could place the code in the onRequestStart() function: | ||
+ | <pre> <cfcookie name="cfid" | ||
+ | domain=".yourdomain.com" | ||
+ | value="#session.cfid#"> | ||
+ | |||
+ | <cfcookie name="cftoken" | ||
+ | domain=".yourdomain.com" | ||
+ | value="#session.cftoken#"> | ||
+ | |||
+ | <cfcookie name="jsessionid" | ||
+ | domain=".yourdomain.com" | ||
+ | value="#session.sessionid#"></pre> | ||
+ | |||
+ | More information on this approach is available at the [http://www.coldfusionmuse.com/index.cfm/2006/7/28/sessions.and.subdomains ColdFusion Muse blog]. | ||
==PHP Session Variables== | ==PHP Session Variables== | ||
Line 108: | Line 149: | ||
<br /> | <br /> | ||
Click <a href="sessiontest.php">here</a> to refresh which should increment the number of Views. | Click <a href="sessiontest.php">here</a> to refresh which should increment the number of Views. | ||
+ | |||
+ | [[Category:Windows]] | ||
+ | [[Category:Linux]] | ||
+ | [[Category:Railo]] | ||
+ | [[Category:Coldfusion]] |
Latest revision as of 21:27, 20 March 2014
Contents
- 1 ASP Session Variables
- 2 ColdFusion Session Variables
- 3 PHP Session Variables
ASP Session Variables
Here is a simple Session test for ASP to verify the Session is working:
<% Session("myCounter") = Session("myCounter") + 1 Response.Write "Counter: " & session("myCounter") %> Click <a href="sessiontest.asp">here</a> to refresh which should increment the Counter.
ColdFusion Session Variables
How to verify ColdFusion Session Management is working
By default the Session Timeout is set to 20 minutes.
Here is a sample script to verify the ColdFusion Session variables and ColdFusion Session in general is working.
This is handled differently based on whether you are using Application.cfm or Application.cfc, so be sure to note which one you are using. If using Application.cfm, you need to make sure your application.cfm file is set to handle session variables. To do this, make sure you have sessionmanagement="yes" like:
<cfapplication sessionmanagement="yes">
If using Application.cfc, you need to make sure your application.cfc is set to handle the sessions variables properly. Here is an example for that:
<cfcomponent> <cfset this.name = "myApplication"> <cfset this.Sessionmanagement = TRUE> </cfcomponent>
Now create a new page named sessiontest.cfm and add this code:
<cfif IsDefined("SESSION.MyCount")> <cfset SESSION.MyCount = #SESSION.MyCount# + 1> Current Count is: <cfoutput>#SESSION.MyCount#</cfoutput><BR> The current time is <cfoutput>#Now()# <br /> Server: #CGI.SERVER_NAME# </cfoutput> <BR> <cfelse> <cfset SESSION.MyCount = 1> <cfoutput>Count: #SESSION.MyCount# <br /> Server: #CGI.SERVER_NAME# </cfoutput> </cfif> <A HREF="sessiontest.cfm">Test Session</A>
Now load the page in your browser and click the Test Session link to verify it's working.
Important: If you are on a Linux-based ColdFusion server, you MUST capitalize the 'A' in 'Application.cfm' or 'Application.cfc'. If you do not do this, ColdFusion will not recognize your 'Application.cfm' or 'Application.cfc' file.
Delete Session Cookies
On ColdFusion pages, you can use the following code to delete a users session cookies when he closes the browser:
<!---Kill user session if user closes browser---> <cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")> <cfset Variables.cfid_local = Cookie.CFID> <cfset Variables.cftoken_local = Cookie.CFTOKEN> <cfcookie name="CFID" value="#Variables.cfid_local#"> <cfcookie name="CFTOKEN" value="#Variables.cftoken_local#"> </cfif>
CF 10 considerations
If you use ColdFusion 10 and try to implement the above code you may encounter the following error:
"Failed to set cookie. ColdFusion is unable to add the cookie you specified to the response."
This is because we have the setting for "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" enabled on our servers to help add an additional layer of security.
Solution
To bypass this so you can update/modify any cookies set with "cfcookie" and "cfheader" you will need to add the following code to your Application.cfc:
<cfset this.sessioncookie.disableupdate = false> <cfset this.authcookie.disableupdate = false>
Adjusting Session Timeouts
Our ColdFusion servers have a default session timeout of two (2) hours. If you wish to adjust that, you can do so through your Application.cfm or Application.cfc files.
If using Application.cfm
This <cfapplication> tag specifies a custom session timeout of 3 hours and 30 minutes:<cfapplication name="myawesomeapp" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0,3,30,0)#">
If using Application.cfc (tag-based)
Use this code (adjusting the timespan as necessary) to set your custom session timeout:<cfset this.sessiontimeout = CreateTimeSpan(0,3,30,0) />
If using Application.cfc (cfscript)
Use this code (adjusting the timespan as necessary) to set your custom session timeout:this.sessionTimeout = createTimeSpan(0,3,30,0);
Using J2EE Session Variables
If you are on a J2EE Session enabled servers (all new ColdFusion accounts are on such servers), instead of using SESSION.JSESSIONID just use SESSION.SESSIONID instead.
If you need to access cfid and cftoken, they are within Session.URLToken. Per Adobe:
Session.URLToken: A combination of the CFID and CFToken cookies and the J2EE session ID, in the form CFID=IDNum&CFTOKEN=tokenNum&jsessionid=SessionID.If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.
Maintaining Sessions Across Subdomains
Enable setDomainCookies in Your Application
The first thing to try when your application needs to maintain session state across subdomains is to enable the setDomainCookies attribute of your application.
Enable setDomainCookies in Application.cfm
Add the following attribute within your cfapplication tag:
setDomainCookies="yes"
Enable setDomainCookies in Application.cfc (tag-based)
Add the following line below the cfcomponent tag:
<cfset this.setDomainCookies=true>
Enable setDomainCookies in Application.cfc (cfscript)
Add the following line below the opening of your component:
this.setDomainCookies = true;
Alternative to setDomainCookies
If enabling setDomainCookies does not work as expected in your application, then you can use the following alternative to set the cookies manually.
First, disable setClientCookies for the application:
Disable setClientCookies in Application.cfm
Add the following attribute within your cfapplication tag:
setClientCookies="no"
Disable setClientCookies in Application.cfc (tag-based)
Add the following line below the cfcomponent tag:
<cfset this.setClientCookies=false>
Disable setClientCookies in Application.cfc (cfscript)
Add the following line below the opening of your component:
this.setClientCookies=false;
Next, use the following code to set session cookies for your application. If you're using cfapplication the code must go after that tag. If you're using Application.cfc you could place the code in the onRequestStart() function:
<cfcookie name="cfid" domain=".yourdomain.com" value="#session.cfid#"> <cfcookie name="cftoken" domain=".yourdomain.com" value="#session.cftoken#"> <cfcookie name="jsessionid" domain=".yourdomain.com" value="#session.sessionid#">
More information on this approach is available at the ColdFusion Muse blog.
PHP Session Variables
Here is an example of testing Session Variables in PHP to verify they are working:
<?php session_start(); if(isset($_SESSION['views'])) $_SESSION['views']=$_SESSION['views']+1; else $_SESSION['views']=1; echo "Views=". $_SESSION['views']; ?>
Click <a href="sessiontest.php">here</a> to refresh which should increment the number of Views.