Gotcha. I was worried that I was off my head for a second. Anyhow, I wanted to second your advice to Robert that he use CFLOCK, along with an inclusion of some references that he might find helpful on the topic. After reading these, I found that I had a pretty decent idea of how to go ahead:
Coldfusion Best Locking Practices http://www.macromedia.com/v1/Handlers/index.cfm?ID=20370&Method=Full Locking in ColdFusion http://www.macromedia.com/v1/handlers/index.cfm?ID=17196&Method=Full To Lock, or Not To Lock http://www.defusion.com/articles/index.cfm?ArticleID=105 Matthieu -----Original Message----- From: Douglas Brown [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 2:58 PM To: CF-Talk Subject: Re: Setting and evaluating session variables Well, actually you will have to forgive me, I am thinking in a different scope of using sessions...In all my applications I set the CFID and CFTOKEN to temp vars and therefore I get a new pair on each browser. If he is not setting them like that, then they will expire when the application says so.... Douglas Brown Email: [EMAIL PROTECTED] ----- Original Message ----- From: "Cornillon, Matthieu" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Friday, July 26, 2002 11:41 AM Subject: RE: Setting and evaluating session variables > Douglas, > > Is that right? Maybe I misunderstood your message, but it doesn't seem > correct to me that opening a new window would open a new session with new > CFID and CFTOKEN values. This is a big point of confusion in my office, > where some folks think of a session as an uninterrupted series of page hits > to a single site from a single browser window on a single computer. In CF > terms, though, any hit from a single computer will get the same session vars > until they expire. > > Please correct me if I'm wrong. > > Matthieu > > -----Original Message----- > From: Douglas Brown [mailto:[EMAIL PROTECTED]] > Sent: Friday, July 26, 2002 2:33 PM > To: CF-Talk > Subject: Re: Setting and evaluating session variables > > > Well he is saying that if he opens a new window and types in a URL that does > not go to his splash screen that it is not redirecting. If he opens a new > window, it should be a different session with different CFID & CFTOKEN > values. > > > Basically... > > In application.cfm > <CFAPPLICATION NAME="myApp" > CLIENTMANAGEMENT="Yes" > SESSIONMANAGEMENT="Yes" > SESSIONTIMEOUT="#createTimeSpan(1, 0, 0, 0)#"> > > <cfparam name="session.initialized" default="false"> > <cfif session.initalized eq "false"> > <cflocation url="splash1.cfm" addtoken="no"> > </cfif> > > > > splash1.cfm > > <cfif not(isDefined("session.initialized"))> > <cfset session.initialized = "true"> > </cfif> > > > splash2 > You wont need anything, because application.cfm will handle it... > > > > > Douglas Brown > Email: [EMAIL PROTECTED] > ----- Original Message ----- > From: "Cornillon, Matthieu" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Friday, July 26, 2002 10:51 AM > Subject: RE: Setting and evaluating session variables > > > > Hi. I think that I see the problem that you are having. My explanation > may > > seem overly simple at first, but bear with me. > > > > Session variables are stored on the CF server. A given set of session > > variables is tied to a given user by two key values: CFID, and CFTOKEN. > > These values are sent to your machine as cookies when you access any page > on > > the server. Now, as long as you are accessing the server from that > machine, > > and as long as you have cookies enabled and don't replace them, the > session > > variables will stay set for the default expiration time (which is probably > > set to something like 2 hours in your CF Administrator). > > > > So, the reason that you're getting weird behavior is that > > session.initialized is staying set for at least 2 hours from the time you > > first hit that page during a given day. This makes testing really hard, > > right? I think that your application is set up properly, but you are > having > > trouble testing it. I recommend this: > > > > Create a page called wipeout.cfm or something that erases all the cookies > > and session variables that you don't want to keep. I keep a link to this > on > > the link bar in IE, so that I can return to "regular user" state whenever > I > > need to. The statements you'll need are: > > > > <CFCOOKIE expires="NOW" name="COOKIENAME" value="invalid"> > > <CFLOCK scope="SESSION" timeout="30" type="EXCLUSIVE"> > > <CFSET dummy=StructClear(session)> > > </CFLOCK> > > > > Repeat the CFCOOKIE line for as many cookies as you need to erase. The > > CFSET statement will wipe out all session variables in one shot. > > > > Also, your test for the value of Session.Initialized should not be for > it's > > value, but for its existence: > > > > <CFIF not IsDefined("Session.Initialized")> > > <CFLOCATION... > > > > This should let you test your system without pulling your hair out at what > > seems like completely inconsistent behavior. > > > > Now, however, I want to make sure that you aren't going for something > > different than what I think. I want to map out a path of use and how it > > would work under your current layout (assuming a two-hour expiration time > > for session variables): > > > > July 27th > > > > 10:15 AM > > User opens www.yahoo.com > > > > 10:17 AM > > User opens your site (www.yoursite.com/mySecondPage.cfm) > > She gets bounced to the splash page, since session.initialized wasn't set > > yet. > > > > still 10:17 AM(later in that minute) > > User returns to www.yoursite.com/mySecondPage.cfm, which now is allowed to > > completely load, since session.initialized is now set. > > > > 10:18 AM > > After looking at www.yoursite.com/mySecondPage.com, user is so wowed that > > she goes for a stroll to contemplate the meaning of life. Since the work > is > > super-duper high security, though, she immediately closes the browser and > > shuts down her computer. > > > > 12:17 PM > > User has returned from her walk, ready to surge forward with her work. > She > > has already turned on her machine, logged in, and launched IE. She > promptly > > goes to the page that inspired this (nearly!) two-hour sojourn: > > www.yoursite.com/mySecondPage.com. That page will load WITHOUT going to > the > > splash page. Why? Because session.initialized has still not expired > > (although it's one minute away from doing so), and the CF server knows to > > look for it under the CFID and CFTOKEN values stored on your user's > machine. > > > > 12:18 PM > > User decides that she is no longer so wowed by your page, and immediately > > browses to www.someothersite.com. She stays away from your site until > 4:01 > > PM. > > > > 4:01 PM > > User once again types in www.yoursite.com/mySecondPage.com. This time, > she > > gets bounced to the splash page. Why? Because the two-hour session > > variable has expired. > > > > If this is the behavior you want, then you're all set. I just wanted to > > make sure that you weren't under operating under any misconceptions about > > how it would work. > > > > Hope this is helpful, > > Matthieu > > > > -----Original Message----- > > From: Yexley Robert D Contr Det 1 AFRL/WSI > > [mailto:[EMAIL PROTECTED]] > > Sent: Friday, July 26, 2002 10:28 AM > > To: CF-Talk > > Subject: Setting and evaluating session variables > > > > > > <cfQuestion > > type="Rookie"> > > > > I'm trying to write my first web app in CFMX, and am having some trouble > > figuring out how session variables work. I'm basically just trying a few > > things to test setting them and testing for their values, stuff like that. > > So, what I've done, is I've added a section in my Application.cfm file to > > establish my needed session variables, and initialize them to nothing > (""). > > One of those session variables is called SESSION.initialized, and it's > > value, again, gets set to "". The very first line of the splash page of > my > > app has the line <cfSet SESSION.initialized = "True"> which is intended to > > initialize a users session in the application. I do this ONLY on that > first > > splash page for the app. Now, at the bottom of my Application.cfm file, I > > have the following statement: > > > > <cfif SESSION.initialized is not "True"> > > <cfLocation URL="mySplashPage.cfm" addToken="No"> > > </cfif> > > > > Now, if I understand the way this works correctly, what I'm expecting, is > > that if I open a new browser window, and I try to circumvent that splash > > page by typing something like http://www.mysite.com/mySecondPage.cfm > > <http://www.mysite.com/mySecondPage.cfm> into the address line of the > > browser, the line above that checks that session variable should get > > executed at the beginning of the request for that page. Now, at this > point, > > since during this browser session I have *not* navigated to > mySplashPage.cfm > > yet, that the SESSION.initialized variable has not been set to "True" yet, > > so this condition would evaluate to FALSE, and should execute the > > <cfLocation> tag to redirect the browser to the mySplashPage.cfm document, > > so that it *will* set that variable to "True". Am I correct in that > > thinking? If not, how does this work? > > > > I thought I had this working properly the other day, but it doesn't seem > to > > be working right today, because I'm not getting redirected like I would > > expect. And, on a side note to that, has anyone had any problems with > this > > <cfLocation> tag with a Mozilla browser? The other day when I was trying > > this, I kept getting an error from Mozilla that said something like > > "Redirection limit exceeded for this URL". Has anyone else experienced > > this? If so, is it a browser problem that Mozilla can't be redirected? > Is > > there a workaround for it? > > > > Thanks in advance for your help. > > > > </cfQuestion> > > > > ::YEX:: > > > > /* > > || Robert D. Yexley > > || Oracle Programmer/Analyst > > || Easylink Services Corporation > > || Professional Services > > || Contractor - Wright Research Site MIS > > || Det-1 AFRL/WSI Bldg. 45 Rm. 062 > > || (937) 255-1984 > > || [EMAIL PROTECTED] > > || <)))>< > > */ > > > > <<Robert D. Yexley (E-mail).vcf>> > > > > > > > > ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
