Hi all, We are porting some existing Adobe CF apps to openBD, at least we are trying :-) And one of the things that I had to look into is the session and client behavior in Application.cfc and I am seeing some very strange things, that maybe somebody else can explain. I have a very simple setup. Tomcat+OpenBD, calling Tomcat directly, not through a seperate webserver. It is on Windows (sorry). I have an Application.cfc with settings that I play around with, and all possible functions like onClientStart, onSessionStart, onSessionEnd, etc, with "some" output, so I can actually see which functions are triggered in every page request. And basic output in the main template displaying the client & cookie variables. Also in the admin I monitor "the amount of active sessions". I am pretty sure I am alone on this instance, so all active sessions are mine. The page also has a link to itself, so I can see what happens if you click through.
<cfset this.name = "appname"> <cfset this.sessionmanagement = "Yes"> <cfset this.clientmanagement = "No"> <cfset this.setclientcookies = "No"> Results in new CFID & CFTOKEN values being set for every page request. The onSessionStart is triggered every time. I see the number of active sessions increasing. This is what I expected to see, after all, I don't have the application set cookies. If I change to: <cfset this.name = "appname"> <cfset this.sessionmanagement = "Yes"> <cfset this.clientmanagement = "No"> <cfset this.setclientcookies = "Yes"> It will keep my sessions. Even when I close the browser and re-open it, the session remains. Again, that is what I expected. A possible next step is to remove the setclientcookies again and set the cookies myself (e.g. to have the cookies being killed when I close the browser). But now this: <cfset this.name = "appname"> <cfset this.sessionmanagement = "Yes"> <cfset this.clientmanagement = "No"> <cfset this.setclientcookies = "Yes"> <cfset this.sessiontimeout = CreateTimeSpan(0,0,0,5)> What I would expect is when I wait for more then 5 seconds before clicking, it would give me a new session. But it doesn't! In fact, I can wait for minutes and the session still remains. So the sessiontimeout doesn't seem to work at all. So I close the browser and re-open it, and new session. Huh?! I do not understand, but it is reproducable. The close-browser-open-browser trick seems to work with the sessiontimeout, I get new session every time. But it gets even worse, this is in IE. In Chrome this works differently. I can close- open-browser with minutes in between and still the session is the same. And the third signal that something is strange is this: when I close-open in IE, I get a new session, but I can see that the "active sessions" has increased by 1, so the old session has not time-outed, it still exists, but I just got a new one. Please help me. How is the <cfset this.sessiontimeout = CreateTimeSpan(0,0,0,5)> supposed to work? And is there a difference possible between just page requests and close-open-browser action? I know that it is possible to have cookies killed when the browser is closed, but for that I would have to setclientcookies=no and set the cookies manually. But that is not what I am doing. Next is some tests with clientmanagement. Clientmanagement through a database works fine, but clientmanagement via cookies, like: <cfset this.name = " appname "> <cfset this.sessionmanagement = "No"> <cfset this.clientmanagement = "Yes"> <cfset this.setclientcookies = "Yes"> <cfset this.clientStorage = "cookie"> Now something strange happens. The CFID & CFTOKEN values remain the same with every page request, but the onClientStart function is triggered every time. So client scope is “started” with every page request again, while CFID & CFTOKEN remain stable. That is also not what I expected to see. Also the client.hitcount is 1 every time. It looks like client variables via cookies are not going to work. I am curious to hear if anybody can comment on the above. Also: still very enthiousiastic about openBD, see also some other recent posts. It is just that the above is important to understand how openBD behaves. Like e.g. the very short sessiontimeout we use to fight spambots/spiders/crawlers to create huge numbers of sessions which take up all server memory. I need to be able to control that. Thanks a lot. Ivo -- online documentation: http://openbd.org/manual/ google+ hints/tips: https://plus.google.com/115990347459711259462 http://groups.google.com/group/openbd?hl=en
