RE: Using CFCs in session scope - need cflock help

[Jason Dunaway]

I wanted to thank everyone for their input.  I am working part time on
the project which my question was about, so I've not been able to be as
responsive as I would like.  My question has been answered - the problem
I'm having has nothing to do with the lack of cflock tags.  Thanks!!!

-Original Message-
From: Sean Corfield [mailto:[EMAIL PROTECTED] 
Sent: Sunday, April 15, 2007 9:09 PM
To: CF-Talk
Subject: Re: Using CFCs in session scope - need cflock help

On 4/15/07, Jaime Metcher [EMAIL PROTECTED] wrote:
 While we've got the attention of all these big brains, can we just
agree
 that Jason's problem has nothing to do with locking or lack thereof?

Correct. Despite Andrew Scott's repeated long posts about race
conditions, that has nothing whatsoever to do with Jason's original
problem :)
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

If you're not annoying somebody, you're not really alive.
-- Margaret Atwood



~|
Upgrade to Adobe ColdFusion MX7
The most significant release in over 10 years. Upgrade  see new features.
http://www.adobe.com/products/coldfusion?sdid=RVJR

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275809
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Dave,

Thats what I mean, best practice says use cfqueryparam, and every document
you read regardless of cfmx 5.0, 6.0, 7.0 says when writing to a variable
you will have a race condition.

Now I can't name the version I tested this on, but I followed one of the
articles directions on how a race condition will work. And you know what, it
proves that even this version of Coldfusion needs cflock around perstant
variable writes.

So I went back a version, and tried v7.02 on the same test, same thing the
results indicate a cflock is needed.

So your point is?



On 4/15/07, Dave Watts [EMAIL PROTECTED] wrote:

  You made a valid point, but let me switch to cfquery for a
  min. It has become best practice to use cfqueryparam to stop
  sql injection, but there is times when you don't need it either.
 
  And as discussed on another mailing list about this issue, I
  made the point that if the query is inside a cfunction where
  the conditions where either inside the function or passed
  through as arguments, then a cfqueryparam is certainly not
  needed. But people still do it because it is best practice.

 This is a poor analogy, because it's very easy to determine whether you
 need
 to use CFQUERYPARAM: if you use data that originated from the browser in
 your query, directly or indirectly, you need to prevent SQL injection
 attacks. Otherwise, you don't. It doesn't matter whether your CFQUERY is
 within a function; if it is, and it uses arguments that originated with
 browser-supplied data, then you are vulnerable to the same SQL injection
 attacks. Of course, since CFQUERYPARAM can also provide performance
 benefits, you might want to use it elsewhere as well. In general, prepared
 statements perform better.

 Locking, on the other hand, degrades performance. Unnecessary locking
 degrades performance unnecessarily.

  *Locking shared scope variables within ColdFusion templates
  is an often overlooked process that has severe consequences
  when best practices are not followed. This document will
  explain why the process of locking shared scope variables is
  important and the corresponding best practices.
 
  Developers should be advised that these practices should not
  be considered optional under any circumstances. Most cases of
  ColdFusion site instability can be traced back to inproper
  use or complete lack of locking. ...

 You realize that this quote is not applicable to CFMX, right? Omitting
 locks
 hasn't caused instability since CF 5. There have been significant changes
 to
 how locking works between CF 5 and CFMX, and consequently, to how you
 should
 implement locking within your applications.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more information!

 This email has been processed by SmoothZap - www.smoothwall.net


 

~|
ColdFusion MX7 by Adobe®
Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. 
Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275242
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Oh and btw one of the biggest coldfusion/blue dragon websites also
demonstrates the race conditon problem, using persisant variables that
aren't locked.

So your point Dave?


On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:

 Dave,

 Thats what I mean, best practice says use cfqueryparam, and every document
 you read regardless of cfmx 5.0, 6.0, 7.0 says when writing to a variable
 you will have a race condition.

 Now I can't name the version I tested this on, but I followed one of the
 articles directions on how a race condition will work. And you know what, it
 proves that even this version of Coldfusion needs cflock around perstant
 variable writes.

 So I went back a version, and tried v7.02 on the same test, same thing the
 results indicate a cflock is needed.

 So your point is?



 On 4/15/07, Dave Watts [EMAIL PROTECTED] wrote:
 
   You made a valid point, but let me switch to cfquery for a
   min. It has become best practice to use cfqueryparam to stop
   sql injection, but there is times when you don't need it either.
  
   And as discussed on another mailing list about this issue, I
   made the point that if the query is inside a cfunction where
   the conditions where either inside the function or passed
   through as arguments, then a cfqueryparam is certainly not
   needed. But people still do it because it is best practice.
 
  This is a poor analogy, because it's very easy to determine whether you
  need
  to use CFQUERYPARAM: if you use data that originated from the browser in
  your query, directly or indirectly, you need to prevent SQL injection
  attacks. Otherwise, you don't. It doesn't matter whether your CFQUERY is
 
  within a function; if it is, and it uses arguments that originated with
  browser-supplied data, then you are vulnerable to the same SQL injection
  attacks. Of course, since CFQUERYPARAM can also provide performance
  benefits, you might want to use it elsewhere as well. In general,
  prepared
  statements perform better.
 
  Locking, on the other hand, degrades performance. Unnecessary locking
  degrades performance unnecessarily.
 
   *Locking shared scope variables within ColdFusion templates
   is an often overlooked process that has severe consequences
   when best practices are not followed. This document will
   explain why the process of locking shared scope variables is
   important and the corresponding best practices.
  
   Developers should be advised that these practices should not
   be considered optional under any circumstances. Most cases of
   ColdFusion site instability can be traced back to inproper
   use or complete lack of locking. ...
 
  You realize that this quote is not applicable to CFMX, right? Omitting
  locks
  hasn't caused instability since CF 5. There have been significant
  changes to
  how locking works between CF 5 and CFMX, and consequently, to how you
  should
  implement locking within your applications.
 
  Dave Watts, CTO, Fig Leaf Software
  http://www.figleaf.com/
 
  Fig Leaf Software provides the highest caliber vendor-authorized
  instruction at our training centers in Washington DC, Atlanta,
  Chicago, Baltimore, Northern Virginia, or on-site at your location.
  Visit http://training.figleaf.com/ for more information!
 
  This email has been processed by SmoothZap - www.smoothwall.net
 
 
  

~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275243
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

TechNote ColdFusion MX: Best practices for locking shared scope variables

Macromedia ColdFusion MX offers several enhancements in the way shared scope
variables are managed internally in memory. This TechNote details updated
best practices for locking shared scope variables.

Best practices for locking shared scope variables remain fundamentally
unchanged from previous
recommendationshttp://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_17882,
however, there are subtle differences in best practices for locking in
ColdFusion MX, due to enhancements in the underlying architecture. In
previous versions of ColdFusion, if you did not lock shared scope variables,
it caused corrupt blocks of application memory, resulting in server
instability or crashes. This is no longer the case with ColdFusion MX and
higher. The Java data structures that are used to store shared scope
variables are designed to be thread safe. With ColdFusion MX, if you do not
lock shared scope variables, it will no longer cause server instability or
crashes. Please note, however, there are other potential pitfalls that you
may encounter if you do not lock your shared scope variables, as documented
below.

The cflock tag has not changed in ColdFusion MX, and the recommendation to
use this tag to lock shared scope variables remains the same. Although it is
no longer necessary to worry about your server crashing, it is still
important to avoid*race conditions* in your application code.*Race condition
* is a term that is not specific to ColdFusion programming, but refers to a
common issue that needs to be taken into consideration when programming in
any multithreaded environment. Simply put, a race condition occurs anytime
two threads (in this case, page requests) try to write to the same data at
the same time. The following is an example:

cfset session.cartTotal = session.cartTotal + currentPrice

If two requests to the page that includes this code are made at the same
time, it is possible that in the time between the right-hand side read of
the session.cartTotal, and the left-hand-side write for the second page
request to execute and modify session.cartTotal. The result is corrupt data.
Developers should always ensure that they mitigate or prevent corrupt data
when writing application code. Using the cflock tag in this case will
prevent the race condition:

cflock type=exclusive scope=session timeout=5cfset
session.cartTotal = session.cartTotal +
 currentPrice/cflock

This example uses cflock with the scope attribute as previously specified in
the Best Practices document. It is now acceptable to use the cflock tag with
thename attribute instead:

cflock type=exclusive name=cartTotal timeout=5cfset
session.cartTotal = session.cartTotal +
 currentPrice/cflock

Both examples are equally effective in preventing the race condition. When
using the cflock tag with thename attribute, it is important to ensure that
you always use the same value when reading and writing to the same shared
scope variable. It is often simpler to continue using thescope attribute to
avoid making mistakes in your naming, which could result in a race
condition. Using thename attribute is useful when you want a high level of
granularity in your locking.

Note that you should never ever use different names for locks on code that
accesses the same data. For more information, read the documentation
chapters, Using Persistent Data and Locking and Locking code with
cflock in Developing ColdFusion MX Applications with CFML, both part of
the ColdFusion MX documentation.


~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275244
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

And from the evangelist himself Ben Forta, and NOTE what he says about race
conditions!!


*The more common use of locking is to protect shared memory from corruption.
Let me explain. There are three scopes in ColdFusion that may be accessed by
more than one request at any given time, these are SERVER, APPLICATION, and
SESSION. Prior to ColdFusion MX, ColdFusion had a serious limitation in that
if one request attempted to read or write shared memory while another
request was in the middle of a write, then memory corruption could occur.
This was never an issue with concurrent reads, but any activity concurrent
to a write could cause problems. And these problems were tough to diagnose,
the results of memory corruption can be erratic, delayed, and very
inconsistent. And so we all got used to locking shared memory access, using
LOCK=exclusive for writes and LOCK=readonly for reads. *

*But preventing memory corruption is not the only reason to lock shared
memory. There is actually another reason, one that has nothing to do with a
ColdFusion limitation, and everything to do with multi-threaded applications
in general. Consider the following scenario; you have ten variables in
APPLICATION that your code is updating, and mid-update another request reads
those variables so that it has five old values and five new values. Is that
a problem? Maybe, and maybe not, it depends on your code and application
needs. This is what is known as a race condition, a situation where
unpredictable behavior could result from the execution of code by two or
more requests without proper sequencing. Race conditions are neither
inherently bad nor good, but their results may cause problems for you
depending on what your application is doing. If this type of condition is an
issue for you, then you need to control execution sequence, and in
ColdFusion this is achieved by using tags. *

*So, is the locking of shared memory still needed in ColdFusion MX? The
answer is that it depends on why you are locking. ColdFusion MX does not
suffer from the memory corruption that plagued prior versions, and so not
locking will not harm ColdFusion at all. If the only reason that you ever
locked shared memory was to prevent memory corruption, then no, there is no
need to lock. But race conditions are still an issue, and if you are
concerned about them then you still need to lock access to shared memory. Of
course, race conditions may in fact be an issue that you never paid
attention to because you were locking anyway (to prevent corruption). *

*The bottom line, locking is still needed for any code that is not
multi-thread safe. And locking shared memory access is needed in order to
prevent race conditions, if those are an issue. But locking merely to
prevent memory corruption is, thankfully, a thing of the past. *


~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275245
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[James Holmes]

Yes, so there we are, it's optional.

On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:


 *So, is the locking of shared memory still needed in ColdFusion MX? The
 answer is that it depends on why you are locking.

-- 
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275248
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

James, it says it depends on why you are locking and then it says if you are
expecting a race condition you need to use locking:-)

I can't believe people are not reading it in its full context, as I said I
tried it on 2 different version of CFMX7.02 being a public released version
and both show the race condition as an exisiting problem.

Geez



On 4/15/07, James Holmes [EMAIL PROTECTED] wrote:

 Yes, so there we are, it's optional.

 On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:

 
  *So, is the locking of shared memory still needed in ColdFusion MX? The
  answer is that it depends on why you are locking.

 --
 mxAjax / CFAjax docs and other useful articles:
 http://www.bifrost.com.au/blog/

 

~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275250
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Sean Corfield]

On 4/14/07, Andrew Scott [EMAIL PROTECTED] wrote:
 Thats what I mean, best practice says use cfqueryparam, and every document
 you read regardless of cfmx 5.0, 6.0, 7.0 says when writing to a variable
 you will have a race condition.

No. It is *not* the case that you will have a race condition. It is
possible that your code may be such that a race condition is
*possible*.

For example, this line alone cannot possibly cause a race condition:

cfset application.flag = true /

However, depending on how your code uses that variable, your code may
create the possibility of a race condition and need locking.

A traditional example is:

cfif not structKeyExists(application,initialized) or not
application.initialized
... do a bunch of initialization ...
cfset application.initialized = true /
/cfif

This is prone to race conditions because two request can enter the
bunch code simultaneously. The correct solution here is to lock (on
a named lock) *and* to double-check the condition:

cfif not structKeyExists(application,initialized) or not
application.initialized
cflock name=#application.applicationName#_initialization
type=exclusive timeout=30
cfif not structKeyExists(application,initialized) or not
application.initialized
... do a bunch of initialization ...
cfset application.initialized = true /
/cfif
/cflock
/cfif

However, if the bunch code itself is not affected by the race
condition - e.g., all assignments are simple values with no
dependencies and no other application code would be affected by them
being reset sequentially - then you wouldn't need to lock.

The following is also prone to race conditions if a single user can
make multiple simultaneous requests:

cfset session.count = session.count + 1 /

However, it may not matter that you get a race condition here and if
it doesn't matter, you don't need to lock.

 Now I can't name the version I tested this on, but I followed one of the
 articles directions on how a race condition will work. And you know what, it
 proves that even this version of Coldfusion needs cflock around perstant
 variable writes.

They're not persistent variables (memory is not persistent). They
are shared variables. And just because a race condition is possible
in *some* code does not prove that you need cflock around all shared
variable writes.

In some cases, in some code, you might need to lock.
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

If you're not annoying somebody, you're not really alive.
-- Margaret Atwood

~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275256
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

 cfset application.flag = true /

no on its own that can not cause a race condition, but if somewhere else
there is a read on that variable somewhere then that will cause a race
condition.

So in that scenario if it potentially can cause a race condition then lock
it, as Ben Forta says.

Now as this debate is being discussed because of a CFC inside of a session
scope, there is an extremely high chance that a race condtion is going to
occur, so as Ben says lock it.


~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275258
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Jochem van Dieten]

Andrew Scott wrote:
 
 Thats what I mean, best practice says use cfqueryparam, and every document
 you read regardless of cfmx 5.0, 6.0, 7.0 says when writing to a variable
 you will have a race condition.

Just because you can have a race condition doesn't mean you will have a 
race condition.


 Now I can't name the version I tested this on, but I followed one of the
 articles directions on how a race condition will work. And you know what, it
 proves that even this version of Coldfusion needs cflock around perstant
 variable writes.

No it doesn't. It proves that CF needs locking to prevent race 
conditions with some code constructs. It does not prove that CF needs 
locking with all writes to shared variables.


Let me give you the simplest possible example. Let's suppose I have the 
following code in my onRequestStart to get a timestamp with a timezone 
compensation:
cfset session.lastHit = DateAdd('h', -1, Now())

I can use this variable to display the following to the user:
cfoutput
   Last session activity as #session.lastHit#
/cfoutput
This works lock-free without any problems.

I can also use this variable to display the following to the user:
cfoutput
   Page requested at #session.lastHit#, generated in #timer# ms.
/cfoutput
This will show incorrect information in case of overlapping requests.


Race conditions depend just as much on the meaning you give to a 
variable when reading it, as on the timing of the writing.

Jochem


~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275259
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Ok as Sean said, on its own that doesn cause a race condition. So no thats
true.

But, lets say somewhere else in the code you require that same variable for
other reporting. And in the meantime of you begining to do the reporting,
that variable changes. Hence a race conditon has occured.

The argument is not about one variable on its own, as stated the orignal
Author has a CFC stored inside a session variable, this is a classic exmple
that data is changing when he is reading the data out of the CFC, so when
this occurs it is a race condition that is happening.

Forget the one line hit count, as stated on its own and even Ben said that
but if you are worried about a race condition lock it and thats what is
happening here.

I am not interested in anyone saying that one set is going to cause a race
condition, I am more interested in the problem put forward and I am sorry to
say that cflock is required under these circumstances.

If anyone else wants to debate the ins and outs of race conditions then take
it offline, if however you want to discuss the problem this user is having
then so pist away, but I will stand by the statement I made this is a race
condition scenario and it should be treated as such and locked.


On 4/15/07, Jochem van Dieten [EMAIL PROTECTED] wrote:

 Andrew Scott wrote:
 
  Thats what I mean, best practice says use cfqueryparam, and every
 document
  you read regardless of cfmx 5.0, 6.0, 7.0 says when writing to a
 variable
  you will have a race condition.

 Just because you can have a race condition doesn't mean you will have a
 race condition.


  Now I can't name the version I tested this on, but I followed one of the
  articles directions on how a race condition will work. And you know
 what, it
  proves that even this version of Coldfusion needs cflock around perstant
  variable writes.

 No it doesn't. It proves that CF needs locking to prevent race
 conditions with some code constructs. It does not prove that CF needs
 locking with all writes to shared variables.


 Let me give you the simplest possible example. Let's suppose I have the
 following code in my onRequestStart to get a timestamp with a timezone
 compensation:
 cfset session.lastHit = DateAdd('h', -1, Now())

 I can use this variable to display the following to the user:
 cfoutput
   Last session activity as #session.lastHit#
 /cfoutput
 This works lock-free without any problems.

 I can also use this variable to display the following to the user:
 cfoutput
   Page requested at #session.lastHit#, generated in #timer# ms.
 /cfoutput
 This will show incorrect information in case of overlapping requests.


 Race conditions depend just as much on the meaning you give to a
 variable when reading it, as on the timing of the writing.

 Jochem


 

~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275260
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Jochem van Dieten]

Andrew Scott wrote:
 cfset application.flag = true /
 
 no on its own that can not cause a race condition, but if somewhere else
 there is a read on that variable somewhere then that will cause a race
 condition.

No it doesn't.

The third factor you need is a statement that sets application.flag to 
something else then true.

The fourth factor you need is that your read actually does something 
wrong if it gets a different value then it expected / should get.


 So in that scenario if it potentially can cause a race condition then lock
 it, as Ben Forta says.
 
 Now as this debate is being discussed because of a CFC inside of a session
 scope, there is an extremely high chance that a race condtion is going to
 occur, so as Ben says lock it.

This debate is in the context of a userbean in the session scope and 
sessions that end prematurely. I would not bother with locking now. 
Sure, in the case of an update to the bean that may give you a one in a 
million chance that on one request you see somebodies old address but 
his new postcode. Big deal. What it does not influence is the chance of 
a premature session end. And since that is an actual, frequently 
occurring problem for OP, the focus should be on solving that problem.

Jochem

~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275261
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Actually that reminded me of why I brought up myspace in the first place.

I have noticed the page views jump up and down on a regular basis, because
someone else has hit the page and when my session has finished it says lets
say 166, then when they finish and I go to view it again it has gone back to
160.

You can't tell me that this occured due to anything else than a race
condition.




On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:


 Ok as Sean said, on its own that doesn cause a race condition. So no thats
 true.

 But, lets say somewhere else in the code you require that same variable
 for other reporting. And in the meantime of you begining to do the
 reporting, that variable changes. Hence a race conditon has occured.

 The argument is not about one variable on its own, as stated the orignal
 Author has a CFC stored inside a session variable, this is a classic exmple
 that data is changing when he is reading the data out of the CFC, so when
 this occurs it is a race condition that is happening.

 Forget the one line hit count, as stated on its own and even Ben said that
 but if you are worried about a race condition lock it and thats what is
 happening here.

 I am not interested in anyone saying that one set is going to cause a race
 condition, I am more interested in the problem put forward and I am sorry to
 say that cflock is required under these circumstances.

 If anyone else wants to debate the ins and outs of race conditions then
 take it offline, if however you want to discuss the problem this user is
 having then so pist away, but I will stand by the statement I made this is a
 race condition scenario and it should be treated as such and locked.


  On 4/15/07, Jochem van Dieten [EMAIL PROTECTED] wrote:
 
  Andrew Scott wrote:
  
   Thats what I mean, best practice says use cfqueryparam, and every
  document
   you read regardless of cfmx 5.0, 6.0, 7.0 says when writing to a
  variable
   you will have a race condition.
 
  Just because you can have a race condition doesn't mean you will have a
  race condition.
 
 
   Now I can't name the version I tested this on, but I followed one of
  the
   articles directions on how a race condition will work. And you know
  what, it
   proves that even this version of Coldfusion needs cflock around
  perstant
   variable writes.
 
  No it doesn't. It proves that CF needs locking to prevent race
  conditions with some code constructs. It does not prove that CF needs
  locking with all writes to shared variables.
 
 
  Let me give you the simplest possible example. Let's suppose I have the
  following code in my onRequestStart to get a timestamp with a timezone
  compensation:
  cfset session.lastHit = DateAdd('h', -1, Now())
 
  I can use this variable to display the following to the user:
  cfoutput
Last session activity as #session.lastHit#
  /cfoutput
  This works lock-free without any problems.
 
  I can also use this variable to display the following to the user:
  cfoutput
Page requested at #session.lastHit#, generated in #timer# ms.
  /cfoutput
  This will show incorrect information in case of overlapping requests.
 
 
  Race conditions depend just as much on the meaning you give to a
  variable when reading it, as on the timing of the writing.
 
  Jochem
 
 
  

~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275262
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Then your a fool in the making.

Ok, lets say we have 2 threads running.

Thread number one is checking to see if application.flag is true or not, it
sees it as true it gets hafl way through its process the second thread while
running at the same time has now changed this value halfway through the cfif
condition.

That my friend is a typical example of a race condition, dont be fooled as
Ben says lock it.




On 4/15/07, Jochem van Dieten [EMAIL PROTECTED] wrote:

 Andrew Scott wrote:
  cfset application.flag = true /
 
  no on its own that can not cause a race condition, but if somewhere else
  there is a read on that variable somewhere then that will cause a race
  condition.

 No it doesn't.

 The third factor you need is a statement that sets application.flag to
 something else then true.

 The fourth factor you need is that your read actually does something
 wrong if it gets a different value then it expected / should get.


  So in that scenario if it potentially can cause a race condition then
 lock
  it, as Ben Forta says.
 
  Now as this debate is being discussed because of a CFC inside of a
 session
  scope, there is an extremely high chance that a race condtion is going
 to
  occur, so as Ben says lock it.

 This debate is in the context of a userbean in the session scope and
 sessions that end prematurely. I would not bother with locking now.
 Sure, in the case of an update to the bean that may give you a one in a
 million chance that on one request you see somebodies old address but
 his new postcode. Big deal. What it does not influence is the chance of
 a premature session end. And since that is an actual, frequently
 occurring problem for OP, the focus should be on solving that problem.

 Jochem

 

~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275263
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Jochem van Dieten]

Andrew Scott wrote:
 Then your a fool in the making.
 
 Ok, lets say we have 2 threads running.
 
 Thread number one is checking to see if application.flag is true or not, it
 sees it as true it gets hafl way through its process the second thread while
 running at the same time has now changed this value halfway through the cfif
 condition.

But now you are changing the scenario. The scenario was:
 cfset application.flag = true /
 no on its own that can not cause a race condition, but if somewhere else
 there is a read on that variable somewhere then that will cause a race
 condition.

You are suddenly adding a second thread that changes the value of 
application.flag to your scenario. Which is incidentally exactly the 
same as the third condition I described.

Your email wasn't wrong per se, but the scenario you described was 
incomplete and hence you were jumping to a conclusion that wasn't warranted.


 That my friend is a typical example of a race condition, dont be fooled as
 Ben says lock it.

If I depend on it being the same during the entire request, I will 
probably still not lock it, but make a local copy. Only if I need it to 
be both the same and recent will I resort to locking.

Jochem

~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275264
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

So you wont me to be 100% specfic now, I already stated in my first post
what I do to stop the race condition from happening byt locking th setter in
the component.

I posted Bens article on CFlock and Race Conditions, as well as a FAQ of the
Adobe websote.

So if I say that somewhere else changes the variable, you should be smart
enough to know that if it is going to occur in a race condition to lock it.
So my example was a little more defined that shows a race condtion occuring,
the example of the original poster as a setter and getter inside of a
component stored inside a session scope, this is well and truely open to a
race condition happening so I don't care what anyone says I am under the
Best Practice of cflocking that setter in that case, as outline by Adobe and
Ben Forta.

I should have to say anymore on thje subject.

See thats why you are a fool, you are judging one page on one request, you
have no idea that it is possible to run into a race condition even if I
request one page, and if that page has other components that then require
more information either at the same time or happens to run at the same time
as your one request then a race conditon is more than likely don't you
think.

You have to look at the fact that a page request will run in its own thread,
and if you have another page request from an Ajax call or FDS or Webservice
or whatever, you will instantiate another request or thread and hence be
subject to a race condtion scenario that might only happen 1 in a million
chances, but there is a chance.

So we go back to the origianl User obejct in the session scope, this is open
to reads and writes from different threads that might be out of the scope of
the developers thinking, and hence because it has a setter and getter stored
in a session scope I would take the best practice approach and use a cflock
on the memory write.

Now thats also one reason I made the coment on cfqueryparam, if I control
the information that is going into the cffunction and the conditons no
matter where they come from are controled before the query occurs, I do not
need to use cfqueryparm. But as I stated earlier, people still use it under
the premise that the function will only accept a numeric value, and the
argument is type as numeric if anything else is passed in its going to fail
anyway, but these people still play it safe and follow best practice and use
the cfqueryparam.

So me as a developer, would come along and say ok.

cset application.flag = true /

Now as I said and as Sean stated on its own its not a threat to anything,
but as I also stated I can't assume on how another programmer might use
this, or even how my requirements might change and if you can be absolutly
100% sure that that variable set will never enter a race condition and I
mean that another thread can't be running at the same time that could be
influenced by this variable then don lock it, but if you can't be 100% sure
then lock it and be safe about it.

As I said this discussion has raised its head many times on CFCDev, and the
answer is always the same when dealling with a scenario with session scope
and CFC objects, the best practice would be to lock the writes to the
variables. And in this case they are inside a CFC, that is stored inside a
session scope, now the developer as I stated earlier in this thread is that
he/she can take the intititive to cflock in the setter and cut down on
having to rely on the user of the object to do the right thing or, he/she
can forget about it and rely on the user of the object to do the right
thing.






On 4/15/07, Jochem van Dieten [EMAIL PROTECTED] wrote:

 Andrew Scott wrote:
  Then your a fool in the making.
 
  Ok, lets say we have 2 threads running.
 
  Thread number one is checking to see if application.flag is true or not,
 it
  sees it as true it gets hafl way through its process the second thread
 while
  running at the same time has now changed this value halfway through the
 cfif
  condition.

 But now you are changing the scenario. The scenario was:
  cfset application.flag = true /
  no on its own that can not cause a race condition, but if somewhere else
  there is a read on that variable somewhere then that will cause a race
  condition.

 You are suddenly adding a second thread that changes the value of
 application.flag to your scenario. Which is incidentally exactly the
 same as the third condition I described.

 Your email wasn't wrong per se, but the scenario you described was
 incomplete and hence you were jumping to a conclusion that wasn't
 warranted.


  That my friend is a typical example of a race condition, dont be fooled
 as
  Ben says lock it.

 If I depend on it being the same during the entire request, I will
 probably still not lock it, but make a local copy. Only if I need it to
 be both the same and recent will I resort to locking.

 Jochem

 

~|
ColdFusion MX7 and Flex 2 
Build sales  

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 Thats what I mean, best practice says use cfqueryparam, and 
 every document you read regardless of cfmx 5.0, 6.0, 7.0 says 
 when writing to a variable you will have a race condition.
 
 Now I can't name the version I tested this on, but I followed 
 one of the articles directions on how a race condition will 
 work. And you know what, it proves that even this version of 
 Coldfusion needs cflock around perstant variable writes.
 
 So I went back a version, and tried v7.02 on the same test, 
 same thing the results indicate a cflock is needed.
 
 So your point is?

If you expect a race condition, and you care about the outcome of that race
condition, you will want to lock access to the code that would cause the
race condition if run concurrently.

If there is no reason to expect a race condition, or if you don't care about
the outcome of the race condition, there is no need to lock access to the
code in question, and there is a performance cost if you do. These cases are
more common, in my experience, than the ones where you do have reason to
expect a race condition and you also care about the results.

In CF 5 and earlier, locking access to session, application and server
scopes was required to keep your server from crashing under load. Race
conditions were a distant second consideration for most CF programmers at
the time.

You seem to think that best practices are a hammer that can be used to
pound every nail you can find. If programming were that simple, anyone could
do it.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275274
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 And from the evangelist himself Ben Forta, and NOTE what he 
 says about race conditions!!

Try as I might, I can't find one place in that quote that says all access to
session, application or server variables must be locked.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275275
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 See thats why you are a fool ...

Calling Jochem a fool is not only unwarranted, but so far off the mark I
don't know where to begin. Suffice it to say we need more fools like that.

 Now thats also one reason I made the coment on cfqueryparam, 
 if I control the information that is going into the 
 cffunction and the conditons no matter where they come from 
 are controled before the query occurs, I do not need to use 
 cfqueryparm. But as I stated earlier, people still use it 
 under the premise that the function will only accept a 
 numeric value, and the argument is type as numeric if 
 anything else is passed in its going to fail anyway, but 
 these people still play it safe and follow best practice and 
 use the cfqueryparam.

It appears to me that you fundamentally misunderstand what CFQUERYPARAM
does, and why exactly you should use it. CFQUERYPARAM does something that
you can't otherwise do from within CF code - it lets you separate data
values from executable SQL code. Type-checking your variables is not a
substitute for this, because you would still end up with a single string of
SQL with your embedded value in it.

 Now as I said and as Sean stated on its own its not a threat 
 to anything, but as I also stated I can't assume on how 
 another programmer might use this, or even how my 
 requirements might change and if you can be absolutly 100% 
 sure that that variable set will never enter a race condition 
 and I mean that another thread can't be running at the same 
 time that could be influenced by this variable then don lock 
 it, but if you can't be 100% sure then lock it and be safe 
 about it.

There are plenty of cases where you can be 100% sure, either that there
won't be a race condition or that the outcome of a race condition won't
matter.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275276
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Sean Corfield]

On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:
  cfset application.flag = true /

 no on its own that can not cause a race condition, but if somewhere else
 there is a read on that variable somewhere then that will cause a race
 condition.

Wrong.

Code can read that variable to its heart's content all over the
application without a race condition.

 Now as this debate is being discussed because of a CFC inside of a session
 scope, there is an extremely high chance that a race condtion is going to
 occur, so as Ben says lock it.

Not necessarily true. You can have a bean in session scope and never
need to lock it. If the operations are *atomic*.

You are just simply refusing to listen to what people are telling you
and you aren't reading the documents closely enough. I don't think you
actually understand what a race condition is...?
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

If you're not annoying somebody, you're not really alive.
-- Margaret Atwood

~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275281
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Ben Forta]

Just to be very clear, as I am being quoted in this discussion, I wrote:

 But race conditions are still an issue, and if you are concerned about
them then you still need to lock access to shared memory ...  locking ... is
needed in order to prevent race conditions, if those are an issue ...

I did not say that you must always lock, I said that you should lock to
prevent race conditions if those are an issue. As many others have already
stated, race conditions are not necessarily problems, although they could be
so.

--- Ben



-Original Message-
From: Sean Corfield [mailto:[EMAIL PROTECTED] 
Sent: Sunday, April 15, 2007 2:13 PM
To: CF-Talk
Subject: Re: Using CFCs in session scope - need cflock help

On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:
  cfset application.flag = true /

 no on its own that can not cause a race condition, but if somewhere else
 there is a read on that variable somewhere then that will cause a race
 condition.

Wrong.

Code can read that variable to its heart's content all over the
application without a race condition.

 Now as this debate is being discussed because of a CFC inside of a session
 scope, there is an extremely high chance that a race condtion is going to
 occur, so as Ben says lock it.

Not necessarily true. You can have a bean in session scope and never
need to lock it. If the operations are *atomic*.

You are just simply refusing to listen to what people are telling you
and you aren't reading the documents closely enough. I don't think you
actually understand what a race condition is...?
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

If you're not annoying somebody, you're not really alive.
-- Margaret Atwood



~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275283
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Sean,

A race condition is as stated in one of my previous posts.

And I quote again...


If thread one, is running and it checked the condition session.flag is true
and while halfway through that check, the variable is changed it is going to
cause a few problems.

If for instance I have a serious of variables and while I need to use those
variables, and whil reading them in and they change, the results are going
to be unexpected dat results.





On 4/16/07, Sean Corfield [EMAIL PROTECTED] wrote:

 On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:
   cfset application.flag = true /
 
  no on its own that can not cause a race condition, but if somewhere else
  there is a read on that variable somewhere then that will cause a race
  condition.

 Wrong.

 Code can read that variable to its heart's content all over the
 application without a race condition.

  Now as this debate is being discussed because of a CFC inside of a
 session
  scope, there is an extremely high chance that a race condtion is going
 to
  occur, so as Ben says lock it.

 Not necessarily true. You can have a bean in session scope and never
 need to lock it. If the operations are *atomic*.

 You are just simply refusing to listen to what people are telling you
 and you aren't reading the documents closely enough. I don't think you
 actually understand what a race condition is...?
 --
 Sean A Corfield -- (904) 302-SEAN
 An Architect's View -- http://corfield.org/

 If you're not annoying somebody, you're not really alive.
 -- Margaret Atwood

 

~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275291
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Jaime Metcher]

Wow, this thread sure kicked off.

While we've got the attention of all these big brains, can we just agree
that Jason's problem has nothing to do with locking or lack thereof?  There
are certainly race condition scenarios when initializing shared scopes (as
per Sean's example) that can *look* like a new session is being created,
where in fact all that's happened is you've clobbered your existing session
variables.  But the fact that Jason is seeing new session IDs indicates that
the problem is something completely different.  Yes?

Jaime Metcher

 -Original Message-
 From: Andrew Scott [mailto:[EMAIL PROTECTED]
 Sent: Monday, 16 April 2007 7:18 AM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help


 Sean,

 A race condition is as stated in one of my previous posts.

 And I quote again...


 If thread one, is running and it checked the condition
 session.flag is true
 and while halfway through that check, the variable is changed it
 is going to
 cause a few problems.

 If for instance I have a serious of variables and while I need to
 use those
 variables, and whil reading them in and they change, the results are going
 to be unexpected dat results.





 On 4/16/07, Sean Corfield [EMAIL PROTECTED] wrote:
 
  On 4/15/07, Andrew Scott [EMAIL PROTECTED] wrote:
cfset application.flag = true /
  
   no on its own that can not cause a race condition, but if
 somewhere else
   there is a read on that variable somewhere then that will cause a race
   condition.
 
  Wrong.
 
  Code can read that variable to its heart's content all over the
  application without a race condition.
 
   Now as this debate is being discussed because of a CFC inside of a
  session
   scope, there is an extremely high chance that a race condtion is going
  to
   occur, so as Ben says lock it.
 
  Not necessarily true. You can have a bean in session scope and never
  need to lock it. If the operations are *atomic*.
 
  You are just simply refusing to listen to what people are telling you
  and you aren't reading the documents closely enough. I don't think you
  actually understand what a race condition is...?
  --
  Sean A Corfield -- (904) 302-SEAN
  An Architect's View -- http://corfield.org/
 
  If you're not annoying somebody, you're not really alive.
  -- Margaret Atwood
 
 

 

~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275297
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Sean Corfield]

On 4/15/07, Jaime Metcher [EMAIL PROTECTED] wrote:
 While we've got the attention of all these big brains, can we just agree
 that Jason's problem has nothing to do with locking or lack thereof?

Correct. Despite Andrew Scott's repeated long posts about race
conditions, that has nothing whatsoever to do with Jason's original
problem :)
-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

If you're not annoying somebody, you're not really alive.
-- Margaret Atwood

~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275299
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Jaime Metcher]

Jason,

If you are seeing the session ID values change (as per the earlier thread)
then the user is getting a new session.  Whether there was a race condition
in the old session has nothing to do with it.  The request with the new
session ID is starting with a clean slate and is not even aware the old
session existed.

AFAIK, there's only one thing you can do in code that will cause somebody to
get a new session ID, and that's destroy their cookie with a CFCOOKIE or
CFHEADER tag.  If you're not doing that, the problem must be at the HTTP
level, and all the previous suggestions about browser bugs, proxies and
caching come into play.

I have seen a problem where a proxy cache was mixing up user's sessions so
they would actually see each other's data.  The actual mechanism was that
the proxy would return the cookie headers (to the browser) out of cache.  A
lot of the time, of course, the cached cookie would be referring to an
expired session, so it would look like a session timeout.  We developed a
mechanism for comparing the cookie sent to the browser by the server with
the cookie that the browser sends back - where they're different, there's
been a cache mixup.

We resolved this with no-cache directives.  I'm presuming you've tried that,
but it's suprisingly difficult, so it might be worth another look.  See:

http://www.bpurcell.org/blog/index.cfm?mode=entryentry=1075
http://support.microsoft.com/kb/222064

Ultimately, though, neither browsers nor proxies are obliged to honour your
caching directives.

Jaime Metcher

 -Original Message-
 From: Jason Dunaway [mailto:[EMAIL PROTECTED]
 Sent: Friday, 13 April 2007 11:15 PM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help


 I've been out of the office for 4 days so I'm just now responding.

 Thanks to all who offered valuable feedback and input.

 I am a huge fan of OO programing.  I graduated college in
 December 2002 from Miami U. of Ohio.  The program I studied there
 really focused on OO design and use.  So I've been somewhat
 brainwashed, but I really believe in it despite this.

 So when I took on the current project my employer wanted the site
 cleaned up.  It was a mess prior to the redesign.  I chose to use
 components rather then using cookies or individual session
 variables because I love the structure and organization that a
 nice, neat wrapped up component providesand I love reusing
 code instead of having copies of it everywhere.  Everything is
 much more consistent and logical.  Instantiating them in session
 was a natural choice since, in theory, the data should be
 maintained for the user's session across all pages.  The main
 user component only contains DATA relevant to the user and
 methods that deal with this data.  I honestly don't see a huge
 problem with this because it's not a huge amount of code.  RAM is
 not really a concern to us, the machine is adequately equipped.

 So now we're having issues with the site timing out users
 prematurely and randomly.  We have verified that what is causing
 this is that the user is getting a NEW jsessionid from the
 server.  What we don't know is WHY this is happening.  Responses
 from another post I made where that there are a number of causes,
 many which are unrelated to actual code.

 What I really need to determine is if the lack of cflock in
 appropriate places is the culprit.  I see that there are
 pros/cons to using cfcs in session, as have been noted in most of
 the responses here, but I need to pin down what is causing it.
 If anyone has any helpful advice please send it my way.  If you
 want to scorn me for using CFCs in session scope, please keep
 your comments to yourself unless you truely feel it is relevant
 to my problem.

 Thanks in advance!



 

~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275217
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Using CFCs in session scope - need cflock help

[Jaime Metcher]

Andrew, I just don't see what your code example has to do with race
conditions.  cfset is an atomic operation (didn't used to be, but that's
been fixed) so no race condition is possible.  Using locks like this is a
bizarre but mostly harmless practice that is only common in ColdFusion
because of bugs in earlier versions.  What *isn't* harmless is the notion
that doing this in any way protects you from a real race condition.

I'm preaching to the choir here, but for the record, a race condition looks
like this:

1. I query some piece of shared state.
2. Some other thread or process changes that state
3. I perform some operation that depends on the state not having changed.

Even if we restrict the problem to, say, just the CF session scope, the only
blanket approach that will prevent race conditions is to single-thread the
whole session.  Locking single cfset tags in setter functions will do
nothing for you.

If you don't want to single thread the session (and if you're doing frames
or AJAX you shouldn't), you need to understand for every operation what
shared state it depends on and what the impact of a change in the shared
state would be.   If there would be an impact you care about, put the
querying of the state and the operation where you use it as close together
as possible and wrap them in a lock.

Jaime Metcher

 -Original Message-
 From: Andrew Scott [mailto:[EMAIL PROTECTED]
 Sent: Saturday, 14 April 2007 1:04 PM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help


 Jason,

 I answered your question, in my post I gave you a code example of what you
 need to do.

 So the answer is yes, when writing to any scoped variable you must cflock
 the write. I am very sure I said that:-)





~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275220
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Jaime,

In the example of the original question the CFC is stored inside a session
scope.

Anytime one write to session.somevariable, there is a chance that there
could be a race condition. I am sure you know that, and if the session
containes a CFC then the rules of race conditions still need to apply.

This was nutted out many moons ago on the CFCDev mailing list.


~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275222
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 So the answer is yes, when writing to any scoped variable you 
 must cflock the write. I am very sure I said that:-)

That hasn't been true since CF 5.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275227
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Jaime Metcher]

Andrew,

OK, I'm officially confused.  I remember it being nutted out, and the
conclusion being that you *don't* need to lock when writing to a session
variable.  A simple cfset Session.x = y can't possibly have a race
condition, right?  It *may* be part of a multistatement operation that
creates a race condition, but in itself, no way.

Jaime Metcher

 -Original Message-
 From: Andrew Scott [mailto:[EMAIL PROTECTED]
 Sent: Sunday, 15 April 2007 9:46 AM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help


 Jaime,

 In the example of the original question the CFC is stored inside a session
 scope.

 Anytime one write to session.somevariable, there is a chance that there
 could be a race condition. I am sure you know that, and if the session
 containes a CFC then the rules of race conditions still need to apply.

 This was nutted out many moons ago on the CFCDev mailing list.


 

~|
ColdFusion MX7 by Adobe®
Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. 
Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275228
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[James Holmes]

What if another page with different code has multiple statements, even
though this page has only the one cfset statement? Hitting this page
may cause an inconsistent value in the other (depending on what the
code is supposed to do).

Also, single threading the app is not necessary - named locks give
finer control than locking the whole session.

On 4/15/07, Jaime Metcher [EMAIL PROTECTED] wrote:
 Andrew,

 OK, I'm officially confused.  I remember it being nutted out, and the
 conclusion being that you *don't* need to lock when writing to a session
 variable.  A simple cfset Session.x = y can't possibly have a race
 condition, right?  It *may* be part of a multistatement operation that
 creates a race condition, but in itself, no way.


-- 
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

~|
Upgrade to Adobe ColdFusion MX7
The most significant release in over 10 years. Upgrade  see new features.
http://www.adobe.com/products/coldfusion?sdid=RVJR

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275232
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

dave that only applies to reads, sessions might be a bit different as the
race condition as it is per user for a sesion, but a race condition can
happen under certain circumstances.


On 4/15/07, Dave Watts [EMAIL PROTECTED] wrote:

  So the answer is yes, when writing to any scoped variable you
  must cflock the write. I am very sure I said that:-)

 That hasn't been true since CF 5.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more information!

 This email has been processed by SmoothZap - www.smoothwall.net


 

~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275233
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 dave that only applies to reads, sessions might be a bit 
 different as the race condition as it is per user for a 
 sesion, but a race condition can happen under certain circumstances.

There's a big difference between can happen under certain circumstances
and you must cflock the write. There are plenty of cases where race
conditions will not occur, and still more cases where, while a race
condition could possibly occur, you simply won't care about the outcome.
Therefore, your statement - any writes to a scoped variable must be locked -
strikes me as being incorrect on its face. It is up to the developer to
determine whether the possibility of a race condition is a concern in each
specific case.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275235
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Ok,

There seems to be a misconception on this...

Let me discuss how one method of development we are doing here, with certain
Webservices and components that are being reused, you can not assume how
someone is going to incorprate these into a UI. If the UI might not contain
the posability of a race condition then YES cflocks will not be needed, but
can one person be 100% sure that a race condition is not going to happen.

Every project is different an every developer approaches things differently,
but the sad fact is that id a variable is held in memory it has the
potential of a race condition and that is the sad fact.

I mean I designed a UserService that was held in session, but when the front
end programer finally implemented the components it failed with all sorts of
weir scenarios, why because I assumed how these people would end up using
the compenent and was fore thinking the problem through.




On 4/15/07, Jaime Metcher [EMAIL PROTECTED] wrote:

 Andrew,

 OK, I'm officially confused.  I remember it being nutted out, and the
 conclusion being that you *don't* need to lock when writing to a session
 variable.  A simple cfset Session.x = y can't possibly have a race
 condition, right?  It *may* be part of a multistatement operation that
 creates a race condition, but in itself, no way.

 Jaime Metcher

  -Original Message-
  From: Andrew Scott [mailto:[EMAIL PROTECTED]
  Sent: Sunday, 15 April 2007 9:46 AM
  To: CF-Talk
  Subject: Re: Using CFCs in session scope - need cflock help
 
 
  Jaime,
 
  In the example of the original question the CFC is stored inside a
 session
  scope.
 
  Anytime one write to session.somevariable, there is a chance that there
  could be a race condition. I am sure you know that, and if the session
  containes a CFC then the rules of race conditions still need to apply.
 
  This was nutted out many moons ago on the CFCDev mailing list.
 
 
 

 

~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275237
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Dave,

You made a valid point, but let me switch to cfquery for a min. It has
become best practice to use cfqueryparam to stop sql injection, but there is
times when you don't need it either.

And as discussed on another mailing list about this issue, I made the point
that if the query is inside a cfunction where the conditions where either
inside the function or passed through as arguments, then a cfqueryparam is
certainly not needed. But people still do it because it is best practice.

*Locking shared scope variables within ColdFusion templates is an often
overlooked process that has severe consequences when best practices are not
followed. This document will explain why the process of locking shared scope
variables is important and the corresponding best practices.

Developers should be advised that these practices should not be considered
optional under any circumstances. Most cases of ColdFusion site instability
can be traced back to inproper use or complete lack of locking. A few extra
lines of code and an understanding of the underlying concepts of locking can
go a long way towards ensuring robust Web applications with maximum
availability and performance.
*
* What Are Shared Scope Variables?

Session scope variables, application scope variables, and server scope
variables are shared scope variables. They are so named because they are
stored in a part of memory that is shared by all of the threads used by
ColdFusion Server to run requests. The physical pieces of memory that are
used to store these variables can be accessed by any of the threads within
the server. Variables are accessed when reading their values or writing
values to them.
Why Does Shared Scope Variable Access Need to Be Locked?

Because ColdFusion Server uses multiple threads (multithreading), it is able
to simultaneously work on requests from multiple users at the same time. It
is also able to work on multiple requests from the same user at the same
time. This can happen with a Web site that utilizes frames, when a user
clicks the reload button on there browser before the initial request has
completed, or when a user has multiple browser windows open.***


~|
ColdFusion MX7 by Adobe®
Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. 
Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275238
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 You made a valid point, but let me switch to cfquery for a 
 min. It has become best practice to use cfqueryparam to stop 
 sql injection, but there is times when you don't need it either.
 
 And as discussed on another mailing list about this issue, I 
 made the point that if the query is inside a cfunction where 
 the conditions where either inside the function or passed 
 through as arguments, then a cfqueryparam is certainly not 
 needed. But people still do it because it is best practice.

This is a poor analogy, because it's very easy to determine whether you need
to use CFQUERYPARAM: if you use data that originated from the browser in
your query, directly or indirectly, you need to prevent SQL injection
attacks. Otherwise, you don't. It doesn't matter whether your CFQUERY is
within a function; if it is, and it uses arguments that originated with
browser-supplied data, then you are vulnerable to the same SQL injection
attacks. Of course, since CFQUERYPARAM can also provide performance
benefits, you might want to use it elsewhere as well. In general, prepared
statements perform better.

Locking, on the other hand, degrades performance. Unnecessary locking
degrades performance unnecessarily.

 *Locking shared scope variables within ColdFusion templates 
 is an often overlooked process that has severe consequences 
 when best practices are not followed. This document will 
 explain why the process of locking shared scope variables is 
 important and the corresponding best practices.
 
 Developers should be advised that these practices should not 
 be considered optional under any circumstances. Most cases of 
 ColdFusion site instability can be traced back to inproper 
 use or complete lack of locking. ...

You realize that this quote is not applicable to CFMX, right? Omitting locks
hasn't caused instability since CF 5. There have been significant changes to
how locking works between CF 5 and CFMX, and consequently, to how you should
implement locking within your applications.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275240
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Jason Dunaway]

I've been out of the office for 4 days so I'm just now responding.

Thanks to all who offered valuable feedback and input.  

I am a huge fan of OO programing.  I graduated college in December 2002 from 
Miami U. of Ohio.  The program I studied there really focused on OO design and 
use.  So I've been somewhat brainwashed, but I really believe in it despite 
this.  

So when I took on the current project my employer wanted the site cleaned up.  
It was a mess prior to the redesign.  I chose to use components rather then 
using cookies or individual session variables because I love the structure and 
organization that a nice, neat wrapped up component providesand I love 
reusing code instead of having copies of it everywhere.  Everything is much 
more consistent and logical.  Instantiating them in session was a natural 
choice since, in theory, the data should be maintained for the user's session 
across all pages.  The main user component only contains DATA relevant to the 
user and methods that deal with this data.  I honestly don't see a huge problem 
with this because it's not a huge amount of code.  RAM is not really a concern 
to us, the machine is adequately equipped.  

So now we're having issues with the site timing out users prematurely and 
randomly.  We have verified that what is causing this is that the user is 
getting a NEW jsessionid from the server.  What we don't know is WHY this is 
happening.  Responses from another post I made where that there are a number of 
causes, many which are unrelated to actual code.  

What I really need to determine is if the lack of cflock in appropriate 
places is the culprit.  I see that there are pros/cons to using cfcs in 
session, as have been noted in most of the responses here, but I need to pin 
down what is causing it.  If anyone has any helpful advice please send it my 
way.  If you want to scorn me for using CFCs in session scope, please keep your 
comments to yourself unless you truely feel it is relevant to my problem.  

Thanks in advance!

  

~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275131
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Jason,

I answered your question, in my post I gave you a code example of what you
need to do.

So the answer is yes, when writing to any scoped variable you must cflock
the write. I am very sure I said that:-)


On 4/13/07, Jason Dunaway [EMAIL PROTECTED] wrote:

 I've been out of the office for 4 days so I'm just now responding.

 Thanks to all who offered valuable feedback and input.

 I am a huge fan of OO programing.  I graduated college in December 2002
 from Miami U. of Ohio.  The program I studied there really focused on OO
 design and use.  So I've been somewhat brainwashed, but I really believe
 in it despite this.

 So when I took on the current project my employer wanted the site cleaned
 up.  It was a mess prior to the redesign.  I chose to use components rather
 then using cookies or individual session variables because I love the
 structure and organization that a nice, neat wrapped up component
 providesand I love reusing code instead of having copies of it
 everywhere.  Everything is much more consistent and logical.  Instantiating
 them in session was a natural choice since, in theory, the data should be
 maintained for the user's session across all pages.  The main user component
 only contains DATA relevant to the user and methods that deal with this
 data.  I honestly don't see a huge problem with this because it's not a huge
 amount of code.  RAM is not really a concern to us, the machine is
 adequately equipped.

 So now we're having issues with the site timing out users prematurely and
 randomly.  We have verified that what is causing this is that the user is
 getting a NEW jsessionid from the server.  What we don't know is WHY this is
 happening.  Responses from another post I made where that there are a number
 of causes, many which are unrelated to actual code.

 What I really need to determine is if the lack of cflock in appropriate
 places is the culprit.  I see that there are pros/cons to using cfcs in
 session, as have been noted in most of the responses here, but I need to pin
 down what is causing it.  If anyone has any helpful advice please send it my
 way.  If you want to scorn me for using CFCs in session scope, please keep
 your comments to yourself unless you truely feel it is relevant to my
 problem.

 Thanks in advance!



 

~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275189
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Jaime Metcher]

It's looking pretty bleak - we can't store CFCs in session because they take
too much memory, and we can't instantiate per request because it takes too
much CPU.Thank heavens for procedural programming. ;)

Seriously, though, I have high hopes of CF8 in this respect.  We have the
language features for OO, but trying to think OO with one eye on the
performance monitor is just a bit too schizoid for me.  Now it's up to Adobe
to tune the app server.  Failing that, you can always write your model in
Java.

Jaime Metcher

 -Original Message-
 From: Dawson, Michael [mailto:[EMAIL PROTECTED]
 Sent: Saturday, 7 April 2007 6:49 AM
 To: CF-Talk
 Subject: RE: Using CFCs in session scope - need cflock help


 Re-instantiating an object, on each request, can be processor-intensive.

 I have used session-based CFCs for a couple of years and have had no
 problems.  I have the data and the methods all in a nice, neat package.

 M!ke

 -Original Message-
 From: Robertson-Ravo, Neil (RX)
 [mailto:[EMAIL PROTECTED]
 Sent: Friday, April 06, 2007 2:15 PM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help

 Well, it's doesn't make any programmatic sense for a start.  They are
 static providing a common layer of functionality, to put them into a
 scope other than application or server (to a degree) just doesn't make
 any sense.

 They can be very memory intensive so giving each user their own
 session CFC which is identical to ever other users doesn't make any
 sense as it would be needless consumption of memory space.

 You also cannot use replication with them in session scope (this may
 have been fixed in CF7/JRun updater, I know it was true before)

 

~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274813
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Mike Kear]

I think that on all these things,  moderation and compromise is the key.

You can spend thousands of your clients dollars tweaking performance
out of every last action on the site, but it's not always warranted.

For example, on a page that's key to the site, the central, most
visited page in the site,  then milliseconds shaved here or there are
probably worth it.   On another page, that might be used once or twice
a week,  saving whole seconds off the processing time might not be
worth the time and money to speed them up.

Similarly,  you can spend a LOT of time fiddling about with getting
RAM usage down by using other techniques than OO.But there are a
lot of advantages to using OO, and if you arent in danger of starving
other parts of the application of RAM,  it's not a bad compromise to
allow RAM to be used up by users' CFCS in the sesson scope - AS LONG
as you dont have so many concurrent user sessons that you hog RAM
needed by other parts of the Appl.   For example if you expect to have
20 concurrent user sessions,  putting userbean.cfcs into session scope
has less impact on the rest of the app  than if you have 500
concurrent user sessions.But even then, whether that degrades the
performance of the application or not depends on other factors as
well,   for example how much total RAM you have, and what else is
going on with that machine  - does it also run a mail server?
database server?  etc etc.

What I'm saying is,  you can worry and fret about all these issues,
but whether it's worth the time and trouble depends on a lot of
factors.   In a high-traffic site,  nearly all of it is worth it.  On
a small business, very low traffic site,  you can do almost anything
and it wont matter a damn to the overall performance of your server.

What counts in the end,  is getting the job done on time, and making
sure it works. Poor architecture might bring your server to its knees,
(in which case you better spend whatever time it takes to get all the
performance tweaks you can)  or it might not make any difference (in
which case, go ahead, launch the site cfcs in RAM or not and go to the
beach, happy in the knowledge you have produced another working site).

In my experience, there is no such thing as a perfect site.  You are
DEFINITELY going to launch a site with things that could be done
better.   Everyone does.   What you have to do is compromise between
the aims and goals of the site owner, the standards and specs of
perfect architecture,  and the time and money you have available to
spend on getting everything right.   Get it as right as you can,
working as well as you can,  then move on.

Don't worry about it.   That's not to say I advocate taking a shoddy
approach.  But sometimes getting ease of maintenance and speedy
development is worth it, even if it degrades performance of the site
slightly.

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month




On 4/9/07, Jaime Metcher [EMAIL PROTECTED] wrote:
 It's looking pretty bleak - we can't store CFCs in session because they take
 too much memory, and we can't instantiate per request because it takes too
 much CPU.Thank heavens for procedural programming. ;)

 Seriously, though, I have high hopes of CF8 in this respect.  We have the
 language features for OO, but trying to think OO with one eye on the
 performance monitor is just a bit too schizoid for me.  Now it's up to Adobe
 to tune the app server.  Failing that, you can always write your model in
 Java.

 Jaime Metcher

  -

~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274815
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Robertson-Ravo, Neil (RX)]

So, you are talking about creating CFCs on the fly per user? Dynamic
code-generation?





This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
Registered in England, Number 678540.  It contains information which is
confidential and may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful.  If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910.  The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions. 
Visit our website at http://www.reedexpo.com

-Original Message-
From: Dave Watts
To: CF-Talk
Sent: Fri Apr 06 22:29:20 2007
Subject: RE: Using CFCs in session scope - need cflock help

 They can be very memory intensive so giving each user their 
 own session CFC which is identical to ever other users 
 doesn't make any sense as it would be needless consumption of 
 memory space.

If the instances (including instance data) were truly identical, you would
be right. If they're not, there's nothing inherently wrong with storing them
in the Session scope.

 You also cannot use replication with them in session scope 
 (this may have been fixed in CF7/JRun updater, I know it was 
 true before)

Sadly, this is still true in CF 7.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net




~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274759
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Using CFCs in session scope - need cflock help

[Jason Dunaway]

All, 

I posted yesterday regarding having session timeout issues before the 2hr limit 
we have setup.  This is completely random.  One of the suggestions I got was to 
make sure I'm using CFLOCK where appropriate.  So after reading tons about 
CFLOCK, I'm still confused as to how it applies to session scoped components.  
Here is how I'm using CFCs:

I create the user object in the session scope:

!---CREATE THE USER OBJECT ---
cfobject name=session.myUser component=/cfc/myUser
cfset session.myUser.init(#form.userid#)

All variables in the component are scoped at the VARIABLES level, inside the 
CFC.  Any time that I need to get or set information inside the CFC I use 
getter/setter functions or I do so inside the CFC:

!---GET THE USERID---
cffunction name=getUserID output=false returntype=string access=remote
  cfreturn variables.userID
/cffunction

The call from a page in the site would look something like:

cfset variables.currentUserID = session.myUser.getUserID()

OR

cfset session.myUser.setUserID(#form.userid#)

NOTE:  There is NO cflock around any of these functions (as shown above).

The first function would obviously return data that is in the variables scope 
inside the CFC.which is in session, but not a direct session.varname 
reference which as I understand, does in fact need a cflock wrapped around 
it.  

Hopefully you can see my confusion.  At this point I am not using cflock for 
any of my function calls to the myUser component in session.  Do I need to do 
so?  Technically, my understanding is that the session.myUser object is a 
complex data type variable that is in session.  So any time I write/read data 
from this object (even if the data is inside it in the variables scope) do I 
need a CFLOCK around it?  Such as:

cflock scope=Session type=Exclusive timeout=2 throwontimeout=Yes 
   cfset variables.currentUserID = session.myUser.getUserID()
/cflock

OR

cflock scope=Session type=Exclusive timeout=2 throwontimeout=Yes 
cfset session.myUser.setUserID(#form.userid#)
/cflock

The book I have here in front of me (Programming ColdFusion MX, 2nd ED from 
o'reilly) has a section in chapter 22 called Assigning Component Instances to 
Shared Variable Scopes.it does not mention anything about using cflock for 
this stuff.  

I honestly can't confirm or deny if cflock has anything to do with our issues.  
I'm leaning towards it not being relevant because the problem is that the 
session.myUser object is completely gonenot corrupted by a race condition 
but not existing at all when using an isdefined('session.myUser').

Any help is greatly, greatly appreciated.  We are trying to get to the bottom 
of a big problem that has our customers very unhappy (at least the ones that 
are timing out).  

thanks in advance!

jason

~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274678
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Robertson-Ravo, Neil (RX)]

You shouldn't be putting CFCs in the session scope... Period.  I would try
and find and alternative method for calling/instantiating them.







This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
Registered in England, Number 678540.  It contains information which is
confidential and may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful.  If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910.  The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions. 
Visit our website at http://www.reedexpo.com

-Original Message-
From: Jason Dunaway
To: CF-Talk
Sent: Fri Apr 06 16:00:34 2007
Subject: Using CFCs in session scope - need cflock help

All, 

I posted yesterday regarding having session timeout issues before the 2hr
limit we have setup.  This is completely random.  One of the suggestions I
got was to make sure I'm using CFLOCK where appropriate.  So after reading
tons about CFLOCK, I'm still confused as to how it applies to session scoped
components.  Here is how I'm using CFCs:

I create the user object in the session scope:

!---CREATE THE USER OBJECT ---
cfobject name=session.myUser component=/cfc/myUser
cfset session.myUser.init(#form.userid#)

All variables in the component are scoped at the VARIABLES level, inside the
CFC.  Any time that I need to get or set information inside the CFC I use
getter/setter functions or I do so inside the CFC:

!---GET THE USERID---
cffunction name=getUserID output=false returntype=string
access=remote
  cfreturn variables.userID
/cffunction

The call from a page in the site would look something like:

cfset variables.currentUserID = session.myUser.getUserID()

OR

cfset session.myUser.setUserID(#form.userid#)

NOTE:  There is NO cflock around any of these functions (as shown above).

The first function would obviously return data that is in the variables
scope inside the CFC.which is in session, but not a direct
session.varname reference which as I understand, does in fact need a
cflock wrapped around it.  

Hopefully you can see my confusion.  At this point I am not using cflock
for any of my function calls to the myUser component in session.  Do I
need to do so?  Technically, my understanding is that the session.myUser
object is a complex data type variable that is in session.  So any time I
write/read data from this object (even if the data is inside it in the
variables scope) do I need a CFLOCK around it?  Such as:

cflock scope=Session type=Exclusive timeout=2 throwontimeout=Yes 
   cfset variables.currentUserID = session.myUser.getUserID()
/cflock

OR

cflock scope=Session type=Exclusive timeout=2 throwontimeout=Yes 
cfset session.myUser.setUserID(#form.userid#)
/cflock

The book I have here in front of me (Programming ColdFusion MX, 2nd ED from
o'reilly) has a section in chapter 22 called Assigning Component Instances
to Shared Variable Scopes.it does not mention anything about using
cflock for this stuff.  

I honestly can't confirm or deny if cflock has anything to do with our
issues.  I'm leaning towards it not being relevant because the problem is
that the session.myUser object is completely gonenot corrupted by a
race condition but not existing at all when using an
isdefined('session.myUser').

Any help is greatly, greatly appreciated.  We are trying to get to the
bottom of a big problem that has our customers very unhappy (at least the
ones that are timing out).  

thanks in advance!

jason



~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274708
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Using CFCs in session scope - need cflock help

[Gaulin, Mark]

Well, why not?  Blanket statements like that sound fishy to me is all,
but if there's a good reason behind it... like maybe because lots of
sessions can be created by a crawler, for example. (But that could be
checked for an avoided.) 
Thanks
Mark

-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Friday, April 06, 2007 2:31 PM
To: CF-Talk
Subject: Re: Using CFCs in session scope - need cflock help

You shouldn't be putting CFCs in the session scope... Period.  I would
try and find and alternative method for calling/instantiating them.




~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274714
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Charlie Griefer]

I'll agree with Mark here.

While I personally can't think of a reason for a CFC to be
instantiated into the session scope, i'd avoid such a sweeping
generalization.

Blanket statements like that are always incorrect.  Period.  :)

On 4/6/07, Gaulin, Mark [EMAIL PROTECTED] wrote:
 Well, why not?  Blanket statements like that sound fishy to me is all,
 but if there's a good reason behind it... like maybe because lots of
 sessions can be created by a crawler, for example. (But that could be
 checked for an avoided.)
 Thanks
 Mark

 -Original Message-
 From: Robertson-Ravo, Neil (RX)
 [mailto:[EMAIL PROTECTED]
 Sent: Friday, April 06, 2007 2:31 PM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help

 You shouldn't be putting CFCs in the session scope... Period.  I would
 try and find and alternative method for calling/instantiating them.




 

~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274716
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Mike Kear]

I'd like to know what's wrong with putting CFCs into the session scope too.

There are SOME CFCs that dont belong there, but i'd have thought there
were some that DO belong there.

For example I quite often collect information about the user and their
session in a userbean.cfc.   I'd have thought the session scope was
the perfect place for that.   On the other hand i often use a
CFCFactory.cfc which instantiates CFCs as and when required.  That
belongs in the application scope I'd have thought.

Whats wrong with putting CFCs in the session scope?  The way you said
it, Neil, it looked like you were saying CFCS should NEVER go into the
session scope.Did you mean it that way?

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month



On 4/7/07, Gaulin, Mark [EMAIL PROTECTED] wrote:
 Well, why not?  Blanket statements like that sound fishy to me is all,
 but if there's a good reason behind it... like maybe because lots of
 sessions can be created by a crawler, for example. (But that could be
 checked for an avoided.)
 Thanks
 Mark

~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274717
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Robertson-Ravo, Neil (RX)]

Well, it's doesn't make any programmatic sense for a start.  They are static
providing a common layer of functionality, to put them into a scope other
than application or server (to a degree) just doesn't make any sense. 

They can be very memory intensive so giving each user their own session
CFC which is identical to ever other users doesn't make any sense as it
would be needless consumption of memory space.

You also cannot use replication with them in session scope (this may have
been fixed in CF7/JRun updater, I know it was true before)




 



This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
Registered in England, Number 678540.  It contains information which is
confidential and may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful.  If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910.  The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions. 
Visit our website at http://www.reedexpo.com

-Original Message-
From: Gaulin, Mark
To: CF-Talk
Sent: Fri Apr 06 20:04:54 2007
Subject: RE: Using CFCs in session scope - need cflock help

Well, why not?  Blanket statements like that sound fishy to me is all,
but if there's a good reason behind it... like maybe because lots of
sessions can be created by a crawler, for example. (But that could be
checked for an avoided.) 
Thanks
Mark

-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Friday, April 06, 2007 2:31 PM
To: CF-Talk
Subject: Re: Using CFCs in session scope - need cflock help

You shouldn't be putting CFCs in the session scope... Period.  I would
try and find and alternative method for calling/instantiating them.






~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274719
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Robertson-Ravo, Neil (RX)]

I will give you that, I was on the move on my BB so typed quick and sent!



This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
Registered in England, Number 678540.  It contains information which is
confidential and may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful.  If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910.  The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions. 
Visit our website at http://www.reedexpo.com

-Original Message-
From: Charlie Griefer
To: CF-Talk
Sent: Fri Apr 06 20:09:23 2007
Subject: Re: Using CFCs in session scope - need cflock help

I'll agree with Mark here.

While I personally can't think of a reason for a CFC to be
instantiated into the session scope, i'd avoid such a sweeping
generalization.

Blanket statements like that are always incorrect.  Period.  :)

On 4/6/07, Gaulin, Mark [EMAIL PROTECTED] wrote:
 Well, why not?  Blanket statements like that sound fishy to me is all,
 but if there's a good reason behind it... like maybe because lots of
 sessions can be created by a crawler, for example. (But that could be
 checked for an avoided.)
 Thanks
 Mark

 -Original Message-
 From: Robertson-Ravo, Neil (RX)
 [mailto:[EMAIL PROTECTED]
 Sent: Friday, April 06, 2007 2:31 PM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help

 You shouldn't be putting CFCs in the session scope... Period.  I would
 try and find and alternative method for calling/instantiating them.




 



~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274720
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Josh Nathanson]

 Well, why not?  Blanket statements like that sound fishy to me is all,
 but if there's a good reason behind it... like maybe because lots of
 sessions can be created by a crawler, for example. (But that could be
 checked for an avoided.)

Probably because objects can hog up RAM.  However this will vary depending 
on the size of your objects, number of concurrent users etc.  If you are 
monitoring RAM usage with something like SeeFusion and have confidence that 
you have enough RAM in your machine to handle it, you'll probably be ok.

If you are using user info on a lot of pages in your application, it makes 
sense to carry a user bean in the session scope, rather than re-instantiate 
or re-query on every page.

-- Josh


~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274721
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Robertson-Ravo, Neil (RX)]

But this userbean.cfc is the same CFC for all yes? I mean, same code, same
interface? If so, then why create it multiple times when only the *data*
passed is session specific.


  


This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
Registered in England, Number 678540.  It contains information which is
confidential and may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful.  If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910.  The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions. 
Visit our website at http://www.reedexpo.com

-Original Message-
From: Mike Kear
To: CF-Talk
Sent: Fri Apr 06 20:13:30 2007
Subject: Re: Using CFCs in session scope - need cflock help

I'd like to know what's wrong with putting CFCs into the session scope too.

There are SOME CFCs that dont belong there, but i'd have thought there
were some that DO belong there.

For example I quite often collect information about the user and their
session in a userbean.cfc.   I'd have thought the session scope was
the perfect place for that.   On the other hand i often use a
CFCFactory.cfc which instantiates CFCs as and when required.  That
belongs in the application scope I'd have thought.

Whats wrong with putting CFCs in the session scope?  The way you said
it, Neil, it looked like you were saying CFCS should NEVER go into the
session scope.Did you mean it that way?

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month



On 4/7/07, Gaulin, Mark [EMAIL PROTECTED] wrote:
 Well, why not?  Blanket statements like that sound fishy to me is all,
 but if there's a good reason behind it... like maybe because lots of
 sessions can be created by a crawler, for example. (But that could be
 checked for an avoided.)
 Thanks
 Mark



~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274722
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Using CFCs in session scope - need cflock help

[Brad Wood]

To play devils advocate...
Because, then you wouldn't be encapsulating your data within the object.

-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED] 
Sent: Friday, April 06, 2007 2:18 PM
To: CF-Talk
Subject: Re: Using CFCs in session scope - need cflock help

But this userbean.cfc is the same CFC for all yes? I mean, same code,
same
interface? If so, then why create it multiple times when only the *data*
passed is session specific.


~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274723
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Robertson-Ravo, Neil (RX)]

Key is still RAM consumption.  If you open say 1000 user sessions, it's a
RAM killer. I fail to see how any system/framework could advocate
duplication of components across such a shared scope.  Be interesting to see
if it is actually required or a programmatic necessity or a misuse.










This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
Registered in England, Number 678540.  It contains information which is
confidential and may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful.  If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910.  The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions. 
Visit our website at http://www.reedexpo.com

-Original Message-
From: Brad Wood
To: CF-Talk
Sent: Fri Apr 06 20:25:54 2007
Subject: RE: Using CFCs in session scope - need cflock help

To play devils advocate...
Because, then you wouldn't be encapsulating your data within the object.

-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED] 
Sent: Friday, April 06, 2007 2:18 PM
To: CF-Talk
Subject: Re: Using CFCs in session scope - need cflock help

But this userbean.cfc is the same CFC for all yes? I mean, same code,
same
interface? If so, then why create it multiple times when only the *data*
passed is session specific.




~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274727
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: Using CFCs in session scope - need cflock help

[Andrew Scott]

Ok,

Let me say that I use CFC's in session, but the only time that I do this is
when I am calling a webservice or CFJsonService with Dojo or Ajax. And there
is a very good reason for me to do this.

Sticking a CFC into session is no different to not sticking it into any
scope, it will still go through memory just as easily. The only difference
with a session is that if it is a singleton it does not go through the
memory as quickly, garbage collection can be slow at times.

Anyway here is the reason why one would use a CFC in a session scope,
regardless of whether or not it is a webservice or not.

In my case, I have an object that holds booking details for a user. Now I
could each and everytime recreate that object when the user requests it, but
I need to hold certain information until the user is finished with it, and a
user can only have one booking open at a time then there is no problem. But
in case they did then I could have a bookingHandler that could pull the open
bookings out.

Anyway the point is there are times when it is more convinient to hold it in
the session scope, because it is tied to one user. Now I could be smart and
make the bookingHandler be user aware and store it in the application scope,
but either way there is no problem.

Now, as far as the original question goes.

The rules of race conditions need to apply, so basically this translates to
the fact that any read does not need to be locked. But any write to a
variable MUST be locked. Unless you can guarantee 100% that there will be no
race conditions.

So the solution would be something like this in my eyes.

cfset session.bookingObject = CreateObject() /
cfset session.setBookingNumber(...) /
 cfset session.getBookingNumber() /

In my bookingObject I would have this

cffunction name=getBookingNumber
 cfreturn variables.bookingNumber /
/cffunction

cffunction name=setBookingNumber
 cfargument name=bookingNumber . /
 cflock .
  cfset variables.bookingNumber = Arguments.bookingNumber /
 /cflock
/cffunction

As you can see, by me putting the cflock inside the object, I am making sure
that the programmer doesn;t need to worry about all that extra code on the
outside, but on the same token it stops any race conditions from happening
as well.

HTH

Andrew Scott
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au




On 4/7/07, Robertson-Ravo, Neil (RX) [EMAIL PROTECTED]
wrote:

 Key is still RAM consumption.  If you open say 1000 user sessions, it's a
 RAM killer. I fail to see how any system/framework could advocate
 duplication of components across such a shared scope.  Be interesting to
 see
 if it is actually required or a programmatic necessity or a misuse.










 This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant,
 Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business,
 Registered in England, Number 678540.  It contains information which is
 confidential and may also be privileged.  It is for the exclusive use of
 the
 intended recipient(s).  If you are not the intended recipient(s) please
 note
 that any form of distribution, copying or use of this communication or the
 information in it is strictly prohibited and may be unlawful.  If you have
 received this communication in error please return it to the sender or
 call
 our switchboard on +44 (0) 20 89107910.  The opinions expressed within
 this
 communication are not necessarily those expressed by Reed Exhibitions.
 Visit our website at http://www.reedexpo.com

 -Original Message-
 From: Brad Wood
 To: CF-Talk
 Sent: Fri Apr 06 20:25:54 2007
 Subject: RE: Using CFCs in session scope - need cflock help

 To play devils advocate...
 Because, then you wouldn't be encapsulating your data within the object.

 -Original Message-
 From: Robertson-Ravo, Neil (RX)
 [mailto:[EMAIL PROTECTED]
 Sent: Friday, April 06, 2007 2:18 PM
 To: CF-Talk
 Subject: Re: Using CFCs in session scope - need cflock help

 But this userbean.cfc is the same CFC for all yes? I mean, same code,
 same
 interface? If so, then why create it multiple times when only the *data*
 passed is session specific.




 

~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274728
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 But this userbean.cfc is the same CFC for all yes? I mean, 
 same code, same interface? If so, then why create it multiple 
 times when only the *data* passed is session specific.

From an OO perspective, the object IS the data. The overhead of storing a
few lines of related code with your data is a minor price to pay for being
able to think about objects instead of procedures.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274730
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Using CFCs in session scope - need cflock help

[Dave Watts]

 They can be very memory intensive so giving each user their 
 own session CFC which is identical to ever other users 
 doesn't make any sense as it would be needless consumption of 
 memory space.

If the instances (including instance data) were truly identical, you would
be right. If they're not, there's nothing inherently wrong with storing them
in the Session scope.

 You also cannot use replication with them in session scope 
 (this may have been fixed in CF7/JRun updater, I know it was 
 true before)

Sadly, this is still true in CF 7.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

This email has been processed by SmoothZap - www.smoothwall.net


~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274731
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Using CFCs in session scope - need cflock help

[Jochem van Dieten]

Robertson-Ravo, Neil (RX) wrote:
 Well, it's doesn't make any programmatic sense for a start.  They are static
 providing a common layer of functionality, to put them into a scope other
 than application or server (to a degree) just doesn't make any sense. 

But what if they aren't static?


 They can be very memory intensive so giving each user their own session
 CFC which is identical to ever other users doesn't make any sense as it
 would be needless consumption of memory space.

Memory is cheap, it can be a reasonable price for encapsulation.


 You also cannot use replication with them in session scope (this may have
 been fixed in CF7/JRun updater, I know it was true before)

In case of a userBean.cfc that is easily worked around by having a 
second session variable with just the userID that reinits the component:
cfif NOT StructKeyExists(session, currentUser) OR NOT 
IsObject(session.currentUser) OR NOT 
isInstanceOf(obj=session.currentUser, reqType=UserBean)
   cfset currentUser = getBean(UserBean).init(session.userID)
   cfset session.currentUser = currentUser
/cfif
See http://www.feed-squirrel.com/index.cfm?evt=viewItemID=4983 for an 
isInstanceOf() function. It isn't pretty but does the job until we have 
true replication of objects in sessions.

Jochem

~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274732
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Using CFCs in session scope - need cflock help

[Dawson, Michael]

Re-instantiating an object, on each request, can be processor-intensive.

I have used session-based CFCs for a couple of years and have had no
problems.  I have the data and the methods all in a nice, neat package.

M!ke 

-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED] 
Sent: Friday, April 06, 2007 2:15 PM
To: CF-Talk
Subject: Re: Using CFCs in session scope - need cflock help

Well, it's doesn't make any programmatic sense for a start.  They are
static providing a common layer of functionality, to put them into a
scope other than application or server (to a degree) just doesn't make
any sense. 

They can be very memory intensive so giving each user their own
session CFC which is identical to ever other users doesn't make any
sense as it would be needless consumption of memory space.

You also cannot use replication with them in session scope (this may
have been fixed in CF7/JRun updater, I know it was true before)

~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274733
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4