0 Replies Latest reply on Oct 9, 2013 7:25 AM by Aegis Kleais

    Am I understanding the SESSION scope properly?

    Aegis Kleais Level 3

      I'm working on my framework and am at a point where I want to store user information into the SESSION.


      In my onSessionStart() I've created the default structure, set it into the SESSION scope, and all is well.  To my understanding, if session management is on, ColdFusion attempts to provide a CFID and CFTOKEN value to the user's computer that is tied to the current session, right?  If that user is accepting cookies, those IDs are stored as cookies on their machine, and each time they make a new request to the server, their browser sends those identifiers so that CF can see what session information is tied to that user (due to the stateless nature of HTTP).


      But if the user has cookies disabled, I'd expect that CF would see that user's subsequent requests as being those from a brand new user, because no IDENTIFIER is being provided in the request, so CF would end up firing off another CFID and CFTOKEN to the user each and every time they made a request, correct?  This is where they suggest that if you need to maintain session, I could pass the URLToken into each request of a page and read those values, since if it exists in each request, it can be used to maintain the user's pseudo SESSION.


      One of my questions is, if the user has cookies disabled, and I store information into the SESSION, that won't stop me from being able to reference that SESSION data for the current request, will it?  I just won't see any changes I make to the data in that SESSION stick on the user's next page request, correct?
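
The behaviour asked about above, as an added example that is not part of the original post: a minimal Application.cfc in which SESSION data is usable for the whole of the current request whether or not the client returns cookies, and links carry CFID/CFTOKEN only for clients that sent none. The application name, the struct keys, the hit counter and page2.cfm are assumptions made for illustration.

```cfml
// Application.cfc -- constructed example; names below are hypothetical.
component {
    this.name = "sessionScopeDemo";                    // hypothetical application name
    this.sessionManagement = true;
    this.sessionTimeout = createTimeSpan(0, 0, 30, 0); // 30 minutes
    this.setClientCookies = true;                      // CF sets CFID/CFTOKEN cookies

    // Runs once per new session. A request that carries no CFID/CFTOKEN
    // (neither cookie nor URL parameters) is treated as a new client, so
    // with cookies disabled and no URL token this fires on every request.
    public void function onSessionStart() {
        session.user = { loggedIn = false, name = "", hits = 0 };
        session.created = now();
    }

    public boolean function onRequestStart(required string targetPage) {
        // The session scope exists and is writable for the rest of this
        // request regardless of whether the browser accepts cookies.
        lock scope="session" type="exclusive" timeout="5" {
            session.user.hits++;
        }

        // For a client that never sends the identifiers back, hits is
        // always 1 here: each request got a fresh session from onSessionStart.
        request.isFreshSession = (session.user.hits == 1);

        // URLSessionFormat() appends the session identifiers to the URL only
        // when the client did not send them as cookies; otherwise it returns
        // the URL unchanged. session.URLToken holds the same identifiers as a
        // ready-made query string for building links by hand.
        // Identifiers placed in URLs end up in access logs, bookmarks and
        // Referer headers, so keep the session timeout short if you use them.
        request.nextLink = URLSessionFormat("page2.cfm");

        return true;
    }
}
```

Requesting any page twice with cookies disabled leaves `request.isFreshSession` true both times; following `request.nextLink` instead makes the second request reuse the first session.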