Difference between revisions of "Session Variables"

From Hostek.com Wiki
Jump to: navigation, search
(ASP Session Variables)
(Adjusting Session Timeouts)
Line 87: Line 87:
 
====If using '''Application.cfc''' (cfscript)====
 
====If using '''Application.cfc''' (cfscript)====
 
Use this code (adjusting the timespan as necessary) to set your custom session timeout: <pre style="white-space: pre-wrap">this.sessionTimeout = createTimeSpan(0,3,30,0);</pre>
 
Use this code (adjusting the timespan as necessary) to set your custom session timeout: <pre style="white-space: pre-wrap">this.sessionTimeout = createTimeSpan(0,3,30,0);</pre>
 +
===Using J2EE Session Variables===
 +
If you are on a J2EE Session enabled servers (all new ColdFusion accounts are on such servers), instead of using ''SESSION.JSESSIONID'' just use '''SESSION.SESSIONID''' instead.
 +
 +
If you need to access ''cfid'' and ''cftoken'', they are within Session.URLToken. [http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7c48.html#WSc3ff6d0ea77859461172e0811cbec0c35c-7ff3 Per Adobe]:
 +
<blockquote>'''''Session.URLToken''': A combination of the CFID and CFToken cookies and the J2EE session ID, in the form '''CFID'''=IDNum&'''CFTOKEN'''=tokenNum&'''jsessionid'''=SessionID.''
 +
<br/><br/>
 +
''If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.''</blockquote>
  
 
==PHP Session Variables==
 
==PHP Session Variables==

Revision as of 16:51, 21 November 2013


ASP Session Variables

Here is a simple Session test for ASP to verify the Session is working:

<%
Session("myCounter") = Session("myCounter") + 1
Response.Write "Counter: " & session("myCounter")
%> 
Click <a href="sessiontest.asp">here</a> to refresh which should increment the Counter.

ColdFusion Session Variables

How to verify ColdFusion Session Management is working

By default the Session Timeout is set to 20 minutes.

Here is a sample script to verify the ColdFusion Session variables and ColdFusion Session in general is working.

This is handled differently based on whether you are using Application.cfm or Application.cfc, so be sure to note which one you are using. If using Application.cfm, you need to make sure your application.cfm file is set to handle session variables. To do this, make sure you have sessionmanagement="yes" like:

<cfapplication sessionmanagement="yes">

If using Application.cfc, you need to make sure your application.cfc is set to handle the sessions variables properly. Here is an example for that:

<cfcomponent>
<cfset this.name = "myApplication">
<cfset this.Sessionmanagement = TRUE>
</cfcomponent>

Now create a new page named sessiontest.cfm and add this code:

<cfif IsDefined("SESSION.MyCount")>
  <cfset SESSION.MyCount = #SESSION.MyCount# + 1>
  Current Count is: <cfoutput>#SESSION.MyCount#</cfoutput><BR>
  The current time is <cfoutput>#Now()#
  <br />
  Server: #CGI.SERVER_NAME#
  </cfoutput>
  <BR>
<cfelse>
  <cfset SESSION.MyCount = 1>
  <cfoutput>Count: #SESSION.MyCount#
  <br />
  Server: #CGI.SERVER_NAME#
  </cfoutput>
</cfif>
<A HREF="sessiontest.cfm">Test Session</A>

Now load the page in your browser and click the Test Session link to verify it's working.

Important: If you are on a Linux-based ColdFusion server, you MUST capitalize the 'A' in 'Application.cfm' or 'Application.cfc'. If you do not do this, ColdFusion will not recognize your 'Application.cfm' or 'Application.cfc' file.

Delete Session Cookies

On ColdFusion pages, you can use the following code to delete a users session cookies when he closes the browser:

<!---Kill user session if user closes browser--->
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
<cfset Variables.cfid_local = Cookie.CFID>
<cfset Variables.cftoken_local = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#Variables.cfid_local#">
<cfcookie name="CFTOKEN" value="#Variables.cftoken_local#">
</cfif> 

CF 10 considerations

If you use ColdFusion 10 and try to implement the above code you may encounter the following error:

"Failed to set cookie. ColdFusion is unable to add the cookie you specified to the response."

This is because we have the setting for "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" enabled on our servers to help add an additional layer of security.

Solution

To bypass this so you can update/modify any cookies set with "cfcookie" and "cfheader" you will need to add the following code to your Application.cfc:

<cfset this.sessioncookie.disableupdate = false>
<cfset this.authcookie.disableupdate = false>

Adjusting Session Timeouts

Our ColdFusion servers have a default session timeout of two (2) hours. If you wish to adjust that, you can do so through your Application.cfm or Application.cfc files.

If using Application.cfm

This <cfapplication> tag specifies a custom session timeout of 3 hours and 30 minutes:
<cfapplication name="myawesomeapp"
     sessionmanagement="Yes"
     sessiontimeout="#CreateTimeSpan(0,3,30,0)#">

If using Application.cfc (tag-based)

Use this code (adjusting the timespan as necessary) to set your custom session timeout:
<cfset this.sessiontimeout = CreateTimeSpan(0,3,30,0) />

If using Application.cfc (cfscript)

Use this code (adjusting the timespan as necessary) to set your custom session timeout:
this.sessionTimeout = createTimeSpan(0,3,30,0);

Using J2EE Session Variables

If you are on a J2EE Session enabled servers (all new ColdFusion accounts are on such servers), instead of using SESSION.JSESSIONID just use SESSION.SESSIONID instead.

If you need to access cfid and cftoken, they are within Session.URLToken. Per Adobe:

Session.URLToken: A combination of the CFID and CFToken cookies and the J2EE session ID, in the form CFID=IDNum&CFTOKEN=tokenNum&jsessionid=SessionID.



If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.

PHP Session Variables

Here is an example of testing Session Variables in PHP to verify they are working:

<?php
session_start();
if(isset($_SESSION['views']))
$_SESSION['views']=$_SESSION['views']+1;
else
$_SESSION['views']=1;
echo "Views=". $_SESSION['views'];
?> 

Click <a href="sessiontest.php">here</a> to refresh which should increment the number of Views.