14 Replies Latest reply on Nov 7, 2017 3:11 PM by Carl Von Stetten

    Session Variables Testing

    weezerboy Level 1

      Is there a way to test how long session variables persist?

       

      I have a site I am working on where the session timeout is set in the CF admin for 4 hours.

       

      I now have a new application within that site that I need a NEVER session timeout.

       

      So I have this in my application.cfc


      <cfset This.name = "my_app">

      <cfset This.Sessionmanagement="true">

      <cfset this.applicationTimeout = createTimeSpan( 100, 0, 0, 0 ) />

      <cfset this.sessionTimeout = createTimeSpan( 100, 0, 0, 0 ) />

       

      I am hoping that this overwrites the 4-hour session timeout and sets the timeout at 100 days, which is fine.

       

      Is there a way I can test this without waiting for 4 hours to see if my session variables persist?

        • 1. Re: Session Variables Testing
          haxtbh Level 4

          Change the CF admin to a really low value i.e. 5 minutes and set your sessionTimeout to 10 minutes and then see it does as you expect.

           

          I assume you have a development server you can do this on!

          • 2. Re: Session Variables Testing
            BKBK Adobe Community Professional & MVP

            weezerboy  wrote

             

            Is there a way to test how long session variables persist?

            There is a way you can test whether a session has ended, without having to hang around. Add the following test code to your application file:

            <cfset this.name = "my_app">

            <cfset this.sessionmanagement="true">

            <cfset this.applicationTimeout = createTimeSpan( 1, 0, 0, 0 ) />

            <cfset this.sessionTimeout = createTimeSpan( 0, 0, 5, 0 ) />

             

            <cffunction name="onSessionEnd" returntype="void">

                   <cfargument name = "sessionScope" required="yes">

                   <cfargument name = "appScope" required="yes">

                 

                    <cflog file="#this.name#" type="Information" text="Session: #arguments.sessionScope.sessionid# ended at #now()#">

            </cffunction>

             

            Open the URL of any test CFM page of my_app in the browser.

            Note down the time.

            Wait just a little over 5 minutes (during which time you shouldn't interact with the my_app application); go make yourself a cup of tea.

            Check the logs. You should see an entry confirming that the session ended and that onSessionEnd has run.

            • 3. Re: Session Variables Testing
              weezerboy Level 1

              OK this makes sense

               

              How come this application.cfc doesn't overwrite the 4-hour session timeout on the server?
              <cfcomponent output="no">

              <cfset This.name = "my_application">

              <cfset This.Sessionmanagement="true">

              <cfset this.applicationTimeout = createTimeSpan( 100, 0, 0, 0 ) />

              <cfset this.sessionTimeout = createTimeSpan( 100, 0, 0, 0 ) />

              </cfcomponent>

               

               

              What should be in the application.cfc to make this never timeout?

              • 4. Re: Session Variables Testing
                BKBK Adobe Community Professional & MVP

                Are you implying that the session times out after 4 hours?

                • 5. Re: Session Variables Testing
                  charlie@carehart.org Adobe Community Professional & MVP

                  weezer: there are two aspects to your question.

                   

                  1) First, as for this desire for your app to override the admin session timeout: you have not clarified whether you are referring to the value there (on the memory variables page) for the default session timeout, or the max timeout?

                   

                  If you're referring to the max timeout, no, you CANNOT override that. That's why it's a max. The default takes effect if an app does NOT set a session timeout. But the max sets the absolute limit for sessions.

                   

                  2) Second, and perhaps more important: what do you mean by saying you want to set a session that never times out? What would be your intent there? You do realize that the session would timeout if CF ever restarted, right?

                   

                  Have you considered instead using client variables? Those never "timeout" (though there is a purge interval that can be set, in terms of days, after which the variables would be removed for a user who has not accessed your server for a given number of days).

                   

                  But really, there's not any valid use case I can think of for sessions that never timeout.

                  • 6. Re: Session Variables Testing
                    weezerboy Level 1

                    Let me try and explain. I have a site that has a 4-hour session timeout on the server. I am building a new application within that site that I don't want to timeout. It's a time clock application and it always needs to be logged in. So I am trying to figure out a way to keep the session always active for my time clock application. Even if it could stay active for a week at a time that would be better than timing out after 4 hours and needing to log back in every 4 hours.

                    • 7. Re: Session Variables Testing
                      BKBK Adobe Community Professional & MVP

                      weezerboy  wrote

                       

                      I have a site that has a 4-hour session timeout on the server. I am building a new application within that site that I don't want to timeout. It's a time clock application and it always needs to be logged in. So I am trying to figure out a way to keep the session always active for my time clock application.

                      You don't need sessions at all for this design. Let alone, long sessions. Sessions are meant to be used by ColdFusion to identify clients that are external to an application. Think, for example, of a web service that has to contact your application in order to keep time. It might want some guarantees about how long it can stay idle during a session.

                       

                      In contrast, your clock is within - hence, part of - the application. So you should be thinking "application" instead of "session". If you store key clock variables in the application scope, they will last the entire lifetime of the application. Therefore, for a clock that must be active for at least a week, the following settings will be sufficient

                       

                      <cfset this.applicationTimeout = createTimeSpan( 7, 0, 0, 0 ) /><!--- 7 days --->

                      <cfset this.sessionTimeout = createTimeSpan( 0, 0, 20, 0 ) />

                       

                      <!--- In your code, store the clock's lifecycle variables in application scope. The natural place to define such variables is in onApplicationStart --->

                      • 8. Re: Session Variables Testing
                        charlie@carehart.org Adobe Community Professional & MVP

                        Weezer, if your need for this timeclock is shared across all users, then sure, the application scope is a place to store the info. I had proposed the client scope (in point 2 of my last replay) as I assumed it was something unique to each user. You make that call.

                         

                        But can you confirm if point 1 of my last reply clarified part of your question?

                        • 9. Re: Session Variables Testing
                          weezerboy Level 1

                          Ok I get it use this

                           

                          <cfset this.applicationTimeout = createTimeSpan( 7, 0, 0, 0 ) />

                           

                          Do I still set any session variables, or will that cause the application to timeout?

                           

                          What does this mean?

                          The natural place to define such variables is in onApplicationStart

                          • 10. Re: Session Variables Testing
                            weezerboy Level 1

                            This is my current application.cfc..is this all I need ?


                            <cfcomponent output="no">

                            <cfset this.name = "my_app">

                            <cffunction name="onApplicationStart" output="no">

                            <cfset this.applicationTimeout = createTimeSpan( 7, 0, 0, 0 ) />

                            </cffunction>

                            </cfcomponent>

                            • 11. Re: Session Variables Testing
                              Carl Von Stetten Adobe Community Professional & MVP

                              Your line:

                              <cfset this.applicationTimeout = createTimeSpan( 7, 0, 0, 0 ) />

                              should not be inside the onApplicationStart function.  It should be right next to where you set the application name.

                               

                              Catching up on the thread from above, your timeclock "application" is sort of a module of the main "application" or site.  You don't want users to be logged out after your 4-hour session timeout.

                              Charlie has done an excellent job explaining session and client variables and the appropriateness of use in this case.  Keep in mind that the session timeout counter will reset each time a call is made to the server (either by browsing to a page or any AJAX calls to the server).  So as long as the user is doing something periodically, you probably won't hit the session timeout.  However, if you want sessions to survive overnight or throughout the week, that is not really how sessions are intended to work (as Charlie stated above).

                              Do people in your organization leave their browsers open and their computers logged in overnight or continuously throughout a week?  (If so, that's probably not optimal behavior from a security standpoint).

                              There are probably a number of ways to keep users "logged in" via client variables (if you choose to use client variables to solve this, please use a database and DO NOT use the registry - that's the path to serious problems).

                              • 12. Re: Session Variables Testing
                                BKBK Adobe Community Professional & MVP

                                weezerboy wrote

                                 

                                <cfcomponent output="no">

                                <cfset This.name = "my_application">

                                <cfset This.Sessionmanagement="true">

                                <cfset this.applicationTimeout = createTimeSpan( 100, 0, 0, 0 ) />

                                <cfset this.sessionTimeout = createTimeSpan( 100, 0, 0, 0 ) />

                                </cfcomponent>

                                 

                                Your application variables are in the right place (as Carl suggests). You just have to modify the values. Something like this:

                                 

                                <cfcomponent output="no">

                                <cfset This.name = "my_application">

                                <cfset This.Sessionmanagement="true">

                                <cfset this.applicationTimeout = createTimeSpan( 7, 0, 0, 0 ) />

                                <cfset this.sessionTimeout = createTimeSpan( 0, 0, 20, 0 ) />

                                <cffunction name="onApplicationStart" returntype="boolean">

                                      <!---Initializing clock variables. Just an idea --->

                                      <cfset application.clockStart = now()>

                                      <cfset application.millisStart = getTickCount()>

                                      <cfreturn true>

                                </cffunction>

                                </cfcomponent>

                                • 13. Re: Session Variables Testing
                                  weezerboy Level 1

                                  This is the latest application.cfc I have, how does this look?

                                   

                                  <cfcomponent output="no">

                                  <cfset this.name = "my_app">

                                  <cfset this.applicationTimeout = createTimeSpan( 7, 0, 0, 0 ) />

                                  <cffunction name="onApplicationStart" output="no">

                                  </cffunction>

                                  </cfcomponent>

                                   

                                   

                                  Last 2 questions

                                   

                                  Do I need to reference sessions at all, like in these2 lines?

                                  <cfset This.Sessionmanagement="true">

                                  <cfset this.sessionTimeout = createTimeSpan( 0, 0, 20, 0 ) />

                                   

                                   

                                  Do I need this?

                                  <cffunction name="onApplicationStart" output="no">

                                  </cffunction>

                                  • 14. Re: Session Variables Testing
                                    Carl Von Stetten Adobe Community Professional & MVP

                                    If you aren't making use of session variables, then you don't need to enable sessions or set a session timeout.  And if you don't put any code inside of the onApplicationStart() function, then you don't need that function to be in your Application.cfc.  You only need to put the various onXXX() functions when you want to intercept those application lifecycle events and do something when those events occur.

                                     

                                    -Carl V.