Session Variables

From Hostek.com Wiki
Revision as of 15:44, 16 July 2013 by Jakeh (Talk | contribs) (ColdFusion Session Variables)

Jump to: navigation, search


ASP Session Variables

ColdFusion Session Variables

How to verify ColdFusion Session Management is working

By default the Session Timeout is set to 20 minutes.

Here is a sample script to verify the ColdFusion Session variables and ColdFusion Session in general is working.

This is handled differently based on whether you are using Application.cfm or Application.cfc, so be sure to note which one you are using. If using Application.cfm, you need to make sure your application.cfm file is set to handle session variables. To do this, make sure you have sessionmanagement="yes" like:

<cfapplication sessionmanagement="yes">

If using Application.cfc, you need to make sure your application.cfc is set to handle the sessions variables properly. Here is an example for that:

<cfcomponent>
<cfset this.name = "myApplication">
<cfset this.Sessionmanagement = TRUE>
</cfcomponent>

Now create a new page named sessiontest.cfm and add this code:

<cfif IsDefined("SESSION.MyCount")>
  <cfset SESSION.MyCount = #SESSION.MyCount# + 1>
  Current Count is: <cfoutput>#SESSION.MyCount#</cfoutput><BR>
  The current time is <cfoutput>#Now()#
  <br />
  Server: #CGI.SERVER_NAME#
  </cfoutput>
  <BR>
<cfelse>
  <cfset SESSION.MyCount = 1>
  <cfoutput>Count: #SESSION.MyCount#
  <br />
  Server: #CGI.SERVER_NAME#
  </cfoutput>
</cfif>
<A HREF="sessiontest.cfm">Test Session</A>

Now load the page in your browser and click the Test Session link to verify it's working.

Important: If you are on a Linux-based ColdFusion server, you MUST capitalize the 'A' in 'Application.cfm' or 'Application.cfc'. If you do not do this, ColdFusion will not recognize your 'Application.cfm' or 'Application.cfc' file.

Delete Session Cookies

On ColdFusion pages, you can use the following code to delete a users session cookies when he closes the browser:

<!---Kill user session if user closes browser--->
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
<cfset Variables.cfid_local = Cookie.CFID>
<cfset Variables.cftoken_local = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#Variables.cfid_local#">
<cfcookie name="CFTOKEN" value="#Variables.cftoken_local#">
</cfif> 

CF 10 considerations

If you use ColdFusion 10 and try to implement the above code you may encounter the following error:

"Failed to set cookie. ColdFusion is unable to add the cookie you specified to the response."

This is because we have the setting for "Disable updating ColdFusion internal cookies using ColdFusion tags/functions" enabled on our servers to help add an additional layer of security.

Solution

To bypass this so you can update/modify any cookies set with "cfcookie" and "cfheader" you will need to add the following code to your Application.cfc:

<cfset this.sessioncookie.disableupdate = false>
<cfset this.authcookie.disableupdate = false>

Adjusting Session Timeouts

Our ColdFusion servers have a default session timeout of two (2) hours. If you wish to adjust that, you can do so through your Application.cfm or Application.cfc files.

If using Application.cfm

This <cfapplication> tag specifies a custom session timeout of 3 hours and 30 minutes:
<cfapplication name="myawesomeapp"
     sessionmanagement="Yes"
     sessiontimeout="#CreateTimeSpan(0,3,30,0)#">

If using Application.cfc (tag-based)

Use this code (adjusting the timespan as necessary) to set your custom session timeout:
<cfset this.sessiontimeout = CreateTimeSpan(0,3,30,0) />

If using Application.cfc (cfscript)

Use this code (adjusting the timespan as necessary) to set your custom session timeout:
this.sessionTimeout = createTimeSpan(0,3,30,0);

PHP Session Variables

Here is an example of testing Session Variables in PHP to verify they are working:

<?php
session_start();
if(isset($_SESSION['views']))
$_SESSION['views']=$_SESSION['views']+1;
else
$_SESSION['views']=1;
echo "Views=". $_SESSION['views'];
?> 

Click <a href="sessiontest.php">here</a> to refresh which should increment the number of Views.