Skip navigation
wannab0133
Currently Being Moderated

where to store location variable

Apr 2, 2012 5:50 AM

Tags: #sessions

I have an intranet application that will be used by many users.  Each user has one or many locations.  The data is dispayed by location, so the user selects which location they are working with from a drop down in the header.  Once they select their location, the can begin viewing and updating the data.  I store the location in a session variable and use it in all my queries to select only that particular location, or to only insert or update that location.  Is the session variable the right thing to use here?  I am concerned because the user can leave the computer while filling out a form and come back in an hour or so, and the session variable will have timed out.  I cannot default it to anything and they will get an error.  Any deas of a better way to store the location?

 
Replies
  • Currently Being Moderated
    Apr 3, 2012 8:28 AM   in reply to wannab0133

    Store location in a cookie.

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 4, 2012 9:37 AM   in reply to wannab0133

    There is nothing wrong with storing it in a session if you are OK with prompting them for the value again if they let their session timeout.

     

    Getting errors is, of course, not acceptable. You need to write your application so that before it tries to use the session value it checks for its existence. If it does not exist, then redirect the user to a page where they can select it again.

     

    If you are not OK with prompting them for the value again, then you'll have to do somethign else, like set a cookie. If they have cookies disabled you will need to warn them that the application will not work with cookies disabled. Of course, sessions won't work with cookies disabled either. Frankly, I think users with cookies disabled are stupid and they are probably use to havign 80% of the internet not work for them.

     

    There are no perfect solutions in a stateless environemnt like the web. You are not going to find a better solution than storing it in a session variable or in a cookie.

     

    jason

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 4, 2012 12:46 PM   in reply to wannab0133

    Store the value in a cookie.  If the user disables cookies, screw him, perfection is too expensive. 

    Also, restore the session timeout.

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 4, 2012 1:04 PM   in reply to wannab0133

    wannab0133 wrote:

     

    I also do NOT have a session timeout set.

    Do you mean you have not set it, or you have no write-access to the Application file?

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 5, 2012 12:44 AM   in reply to wannab0133

    wannab0133 wrote:

     

    I restored the session timeout.

    Aha. I am assuming you've done something like this in the application file:

     

    In Application.cfm:

    <cfapplication name="myApp" applicationTimeout = "#createTimespan(1,0,0,0)#" loginStorage = "session" sessionmanagement="yes" sessiontimeout="#createtimespan(0,1,0,0)#".>

     

    In Application.cfc:

    this.name = "myApp";

    this.applicationTimeout = "#createTimespan(1,0,0,0)#";

    this.loginStorage = "session";

    this.sessionManagement = "true";

    this.sessionTimeout = "#createTimeSpan(0,1,0,0)#";

     

    You should then have, on the action page of the form which sets the location:

     

    <cfset session.location = form.location>

     

    Naturally, at some point down the line, your code uses the variable session.location. That is why you created it.

     

    Just before that point, perform a test for the existence of session.location. If it doesn't exist, redirect the user to the login page.

     

    I just dont [want] to take them to the choose location page every time they login.

     

    You should. I do believe that that is the standard way.

     

    User logs in. ColdFusion attributes a session to the user. You attach the user's specific variables, such as location, to the session (also possible by other means such as cookie, client, etc., but I'm only talking here about session). One user-specific variable you also attach to the session is the login.

     

    Once the session expires, so does the user's login. There is therefore no point in ColdFusion holding on to a location for which there is no logged-in user.

     

    If a location is specific to a user, and you want your application to remember it, then store it in the database. Again, there are alternatives here, for example, storage in a cookie.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points