• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

session variable

Guest
Apr 15, 2008 Apr 15, 2008

Copy link to clipboard

Copied

I am using session variable for my login. do i have to use cflock? I have only 20 users are using this app. I might use this app in the future for paying dues online.

<cfif UCASE(Session.logged_in) eq "FALSE">
<cflocation url="test.cfm" addtoken="no">
</cfif>
--------------------------------------------------------
Applcation.cfm
<cfapplication
name="app"
sessionmanagement="Yes"
clientmanagement="Yes"
clientstorage="cookie"
applicationtimeout="#createtimespan(2,0,0,0)#"
sessiontimeout="#createtimespan(0,0,35,0)#">


<cfif isdefined("cookie.cfid") and isdefined("cookie.cftoken")>
<cfset cfid_local = cookie.cfid>
<cfset cftoken_local = cookie.cftoken>
<cfcookie name="cfid" value="#cfid_local#">
<cfcookie name="cftoken" value="#cftoken_local#">
</cfif>
TOPICS
Advanced techniques

Views

445

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 15, 2008 Apr 15, 2008

Copy link to clipboard

Copied

Nick201 wrote:
> I am using session variable for my login. do i have to use cflock?

Only if your code has a race condition with which you are concerned
about. And with the session scope that would be fairly difficult
because it would only exist if an individual user was using multiple
browsers simultaneously connected to your application.

OR you are using a very old version of ColdFusion!

There is some VERY dated advice to ALWAYS use <cflock...> with all
global scopes, including the session scope. This was from a bug in
these scopes in the version 4.x days, with which locking all reads and
writes to these scopes was a work around.

That particular issue has not been relevant during the 21st century.
But this 'best' practice does not seem to be going away. Even though it
is no longer 'best' and in fact can cause serious performance and
throughput issues creating an application that is not scalable if one is
to over lock code unnecessarily.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Apr 16, 2008 Apr 16, 2008

Copy link to clipboard

Copied

So your advice is use cflock right..

where do i put cflock then. I mean in application.cfm page or everypage when i use session variable,



Thanks

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 16, 2008 Apr 16, 2008

Copy link to clipboard

Copied

Nick201 wrote:
> So your advice is use cflock right..
>
> where do i put cflock then. I mean in application.cfm page or everypage when i use session variable,
>
>
>
> Thanks


Ummm, No my advice is NOT to use <cflock....> unless you have a specific
reason to do so. The only reason you would ALWAYS use <cflock...> is if
you are still using ColdFusion 4.x? Are you still using a 10+ year old
version of ColdFusion?

If you do have a specific reason to use <cflock...> then you would put
it around the specific piece(s) of code that you want only to be run one
thread at at time not matter how many requests are trying to run it.
Just be sure to understand the cost and limitations of doing so. You
should understand the differences between named and scope locks and how
they work with different <cflock...> blocks of code.



Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Apr 16, 2008 Apr 16, 2008

Copy link to clipboard

Copied

Thanks.
Currently I am checking each single page -user log in or not

<cfif (Session.logged_in) eq "FALSE">
<cflocation url="login.cfm" addtoken="no">
</cfif>
Is this right?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 16, 2008 Apr 16, 2008

Copy link to clipboard

Copied

Nick201 wrote:
> Thanks.
> Currently I am checking each single page -user log in or not
>
> <cfif (Session.logged_in) eq "FALSE">
> <cflocation url="login.cfm" addtoken="no">
> </cfif>
> Is this right?

I would put this logic in an Application.cfm or Application.cfc file so
that is is automatically done every request with one piece of reused
code the is easy to update when required.

Of course some logic would need to exist to that the logic is NOT
executed when 'login.cfm' is requested, otherwise one would have an
endless loop of redirects.

Other then that, yes that is a very common way to authenticate a user to
a CFML template.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 17, 2008 Apr 17, 2008

Copy link to clipboard

Copied

LATEST
<cfif (Session.logged_in) eq "FALSE" AND cgi.script_name NEQ "login.cfm">
<cflocation url="login.cfm" addtoken="no">
</cfif>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation