Robertson-Ravo, Neil (RX) wrote: > Jochem's example aside how would you keep state for say an administration > process which requires session awareness? i.e. a secure login to a forum or > beta side ala labs.adobe.com
Keeping state is a two part process: - identifying an HTTP request as part of a session; - making session data available from request to request in a session. You have the following options for the identification step: - cookies; - URL variables; - FORM variables; - SSL client certificates; - HTTP authentication. The granularity of these methods differs, e.g. cookies and HTTP authentication are shared between multiple windows of the same browser process, URL and FORM variables not necessarily so, but in most cases these options can be used interchangeable. The options for making session data available from request to request are too many to mention. Out of the box CF comes with the following: - keep it in RAM in a single instance (session vars); - keep it in RAM in multiple instances but (session clustering); - keep it in a database (client variables); - keep it in the registry (client variables). But you can easily extend CF to use something else like writing a WDDX packet to the filesystem on each request (that comes close to what PHP does). All of the options for the first part can be combined with all of the options for the second part. You can literally mix and match till you find the optimal combination. For the examples you give, a forum and labs.adobe.com, all you really need is identification. That means that if you use SSL Client Certificates or HTTP authentication the browser will send its credentials on every request anyway, so you don't even need part 2. It is quite likely you want to use some of part 2 anyway because you want to cache certain information in RAM instead of getting it again on every request. So you add session variables to the mix and keep sticky sessions. No problem if there is a failover to another instance, you rebuild the info on the fly so it essentially has the same effect as a cache miss. If you need a more session info, like the content of a shopping cart, and you can absolutely not afford to lose any sessions, just keep it both in RAM and in a database and use sticky sessions. Whenever the content of the shopping cart changes update the database, but all reads come from RAM. If there is a server failover, just read the info from the database and again the net effect is merely a cache miss and not a lost session. Or if you don't care, just use sticky sessions without anything else and if a server fails some people have to login again. Combine whatever you need, there is no 'one size fits all' solution. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 The most significant release in over 10 years. Upgrade & see new features. http://www.adobe.com/products/coldfusion?sdid=RVJR Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277730 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
