If you have enabled SESSIOMANAGEMENTin your Application. cfm template, you are now ready to start creating and using session variables.
Creating Session Variables
Creating session variables is basically the same as creating client variables, except that session variables must also be locked. Whenever you read or write a session variable, you need to use the CFLOCK tag around it. CFLOCK is discussed in more detail at the end of this chapter.
To create a session variable, you must use the CFSET or CFPARAM tags. You must also scope your variable name with the prefix sessi on. The following code sets a passed form field equal to the session variable session . user_name:
Storing query results in session variables is useful because it allows you to limit the connections you make to a database, thereby speeding up the process.
Referring to Session Variables
You must use the CFLOCKtag around any block of code containing a reference to a session variable. The (FLOCKshould be a ReadOn1y lock. For more information on the (FLOCKtag, please refer to the end of this chapter.
Here are two examples of referring to the session variable session user_name:
Unlike client variables, you must always include the session prefix when referring to session variables. ColdFusion does not automatically evaluate session variables.
Using Built-In Session Variables
There are built-in session variables similar to client’variables, Table 17.5 lists the built-in session variables that can be referred to in your applications. These built-in session variables are all stored in the server’s RAM, and are tied to a specific CFIDand CFTOKEN
Retrieving a List of Session Variables
Because session variables are stored in RAM as opposed to the registry, you access them somewhat differently than you do client variables. To retrieve a list of all currently set session variables, you must loop through the session structure.
If you use the following code, you can retrieve an entire list of all session variables, including the built-in session variables described.
Deleting Session Variables
Because session variables can be retrieved through a structure, they can also be deleted by using structures. If you know the. specific session variable that you want to delete, you would use the StructDelete function. If you want to delete all session variables, you can use the Structral ear function, Both examples are demonstrated in the following code. Remember to surround your code with a CFLOCK tag.
Even though session management provides a SESSIONTIMEOUT option, it is sometimes useful to kill a user’s session before that timeout period expires. You may want to delete all references to a client session in the following instances:
• When the user clicks adogout button
• When the user closes their browser
• If the user leaves yourWeb site.
StructDel ete and StructCl ear are useful in deleting these references. The next two scenarios explain different approaches to ending a particular session.
Ending a Session When the Browser Is Closed
A session normally times out after the client makes no more connections fo the Web server and the SESSIONTIMEOUT. as specified in the CFAPPLICATIONtag or in the administrator, expires. However, you cart cause a session to time out before the end of that ~e period provided the User closes their browser.
Because a session is tied to the CFIO and CFTOKENcookies that are normally set on the client side, if these cookies no longer existed, then the user would have to begin a new session. If you want to ensure that these cookies expire when the user closes their browser, then all you have to do is reset the cookies to their current values but with no expiration. If no EXPIREattribute is set for a cookie, it automatically expires upon the close of the browser and doesn’t get written to the client side. By re-creating the CFIO and CFTOKENcookies, you are effectively overwriting the existing ones that are set to expire sometime in the future. See the following code for the code that can be used to reset the CFIOand CFTOKENcookies.
<CFLOCK TIMEOUT-’30’ NAME-“Session.Sess;onIO#’ TYPE-‘Exclus;ve’>
<CFCOOKIE NAME-‘CFIO’ VALUE-“sess;on.CFIO”>
<CFCOOKIE NAME-‘CFTOKEN’ VALUE-‘#sess;on.CFTOKEN#’>
Ending a Session When the User Logs Out
If.you provide a logout option for your users, killing the user session becomes simple. When the user logs out, you send them to a ColdFusion templatewhere you can use the StructCl ear function to kill their session. Of course, this method requires that the user remember to log out.