Would this "trick" also work with ClientManagement instead of
SessionManagement?

Greg

-----Original Message-----
From: Darren Houle [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 9:59 AM
To: CF-Talk
Subject: RE: cfapplication and cookies


I may be misunderstanding your exact wants but just in case it helps here's
a quick <grin> primer on cookies and CF applications...

First, cookies...

Cookies are basically stored in web browsers two different ways, either in
memory or written to a file on the local drive.  If code instructs the
browser to create a cookie then it is always created first in the browser's
memory.  If you give that cookie an expiration value then the browser,
usually on close, will write that cookie to a hard file and add the
expiration date/time to the record.  If you don't set any expiration date
then the cookie never makes it to a hard file, it disappears when the
browser unloads from memory.  Because of this behavior you can work with
cookies that live *only* in memory if you wish, but in CF you have to do
some tricks to get that to happen.  In a nutshell that's pretty much how
cookies work.  You can do some fancy pants stuff and I can also imagine some
situations where this default behavior could be changed but for all intents
and purposes this is correct.

Now, for <cfapplication>...

When you add <cfapplication> to a page what it basically does is provide
that browser session with a server side memory area (this is changeable but
it's the default) to store user variables and it links that memory area to
that specific web browser by way of cookies.  CF instructs your browser to
create two cookies, one called CFID and one called CFTOKEN.  Each one stores
only a number, pointer information that the server side uses to connect your
browser requests to your session data on the server.  When CF creates these
cookies it sets, by default, an expiration value for the cookies equal to
either the default timeout value in CF Admin or else the timeout value set
manually using the applicationtimeout and sessiontimeout attributes of the
cfapplication tag.  Since an expiration value is defined, the cookies are
written to hard file and persist even after the browser is closed and then
re-opened later.

This is bad, at least for me, because I want the user's session to end when
they click logout, after a certain amount of inactivity, or when the
browser is closed.

To get CF to use session management and these cookies, yet only use them in
memory, you can use a little CF trick that's been around for a while.  Add
the following code to your page wherever you define your cfapplication tag
(usually in an application.cfm file at the root of your application
directory)...

<cfapplication name="YourApplication" sessionmanagement="Yes">
<cfcookie name="cfid" value="#cookie.cfid#">
<cfcookie name="cftoken" value="#cookie.cftoken#">

What this does is re-write the session cookies created by the cfapplication
tag immediately after the cfapplication tag creates them, except the
cfcookie tag doesn't set any expiration value so they will only be memory
cookies.

In other words, on the server side... the cfapplication tag instructs the
cfserver to create session memory space for session variables, provide CFID
and CFTOKEN values that link to that memory space, create cookie headers
with expiration values, and get ready to send the cookies to the browser in
the cfserver response.  But then the very next tags, the cfcookie tags,
recreate those new CFID and CFTOKEN cookies before they are sent to the
browser.  The new cookies will contain the same memory pointer values that
the first cookies did, but these new cookies have no expiration value.  If
there are no further changes later in your page code to these cookies, their
contents, or their expiration values, then they are sent to the browser
during the cfserver's response and subsequently get set with the proper
session pointers but only in browser memory.

Problem solved.  You get session management (server side session variables),
you get a timeout on the server side (the cfserver will kill the CFID and
CFTOKEN memory locations after the CF Admin defined inactivity period), and
you get session termination when the browser is closed because the cookies
are constantly re-written as memory cookies each page load.  The only
drawback is if the users don't accept cookies, then you have to mess with
CFID and CFTOKEN as URL params.  I just warn everyone that cookies must be
turned on and it avoids all that, but it totally depends on your situation.
You might now be in a position to do that.

Hope this helps, and please forgive if I've missed anything important or
mis-stated something...I did this kind of on the fly :-)

Thanks,
Darren Houle
Sr. Web Developer
Health First, Inc.


<snip>
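
One way to check that the rewrite described above actually took effect is to look at the Set-Cookie headers the server sends and confirm that the session cookies no longer carry an expiry. The script below is an added example, not part of the original messages; the header values are constructed samples, and it assumes all cookies share the same domain and path.

```python
# Names from the post; compared case-insensitively for matching only.
SESSION_COOKIE_NAMES = {"cfid", "cftoken"}

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def effective_cookies(set_cookie_values):
    """Apply headers in order, as a browser does: a later cookie with the
    same name replaces the earlier one (same domain and path assumed).
    Names are kept case-sensitive, so 'cfid' does not replace 'CFID'."""
    jar = {}
    for header_value in set_cookie_values:
        name, value, attrs = parse_set_cookie(header_value)
        jar[name] = (value, attrs)
    return jar

def persistent_session_cookies(set_cookie_values):
    """Names of session-id cookies that still carry Expires or Max-Age."""
    jar = effective_cookies(set_cookie_values)
    return sorted(
        name for name, (_, attrs) in jar.items()
        if name.lower() in SESSION_COOKIE_NAMES
        and ("expires" in attrs or "max-age" in attrs)
    )

# Constructed sample headers (not captured from a real server).
DEFAULT = [
    "CFID=1001; expires=Sat, 12-Mar-2033 14:59:00 GMT; path=/;",
    "CFTOKEN=20030320; expires=Sat, 12-Mar-2033 14:59:00 GMT; path=/;",
]
REWRITTEN = DEFAULT + ["CFID=1001; path=/;", "CFTOKEN=20030320; path=/;"]
WRONG_CASE = DEFAULT + ["cfid=1001; path=/;", "CFTOKEN=20030320; path=/;"]

if __name__ == "__main__":
    for label, headers in [("default", DEFAULT), ("rewritten", REWRITTEN),
                           ("wrong case", WRONG_CASE)]:
        print(label, "->", persistent_session_cookies(headers) or "memory-only")
```

The third sample shows the case worth watching for: if the rewritten cookie's name differs in case from the one already set, the browser keeps both and the persistent copy survives.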
