This content has been marked as final. Show 6 replies
That is the way sessions generally work. Do sessions work at all on the
site? Is it possible that they have been disabled in the ColdFusion
Administrator. They can be turned off there.
Ian, Session variables are enabled in the administrator and set for 2 days before timing out. So what you are telling me is that I need to use client variables instead? Or will these "disappear' if a user goes out the folder containing the application.cfc and then back in to continue updating?
> Ian, Session variables are enabled in the administrator and set for 2 days
> before timing out. So what you are telling me is that I need to use client
> variables instead? Or will these "disappear' if a user goes out the folder
> containing the application.cfc and then back in to continue updating?
No, I'm saying that for some reason in your application, session
variables are not working like they work for 99.9% of the rest of us.
But I do not know enough about your configuration or code to be able to
offer more then the most general advice.
You are looking at this application in a browser with cookies enabled,
correct? Without cookies or a 'cookieless session implementation' of
your code, session variables will not persist from one request to another.
In order for CF to know what request belongs to what session state, it
needs the CFID & CFTOKEN OR JSESSION values normally stored in cookies.
They can also be passed back and forth in URL variables if a system
design as choose to do so. Without these values returned with a
request, every request is a new session.
The basic question here is do session work at all for you anywhere but here?
I have my cookies set to accept all in my browser and at one time I did notice the cfid and cftoken's being transfered in the URL. I must have changed something.
In the application.cfc file I added <cfset this.setClientCookies = true> and I'm using <cfoutput>session = #SESSION.emplid#<br></cfoutput> at the top of my page to verify that I am getting the session variable on the first page. That's been working fine.
I guess what I'm trying to figure out is if I can retain those session variables if the user goes out of the folder and back in to the maintenance page so they can continue working. If not, then how do I force them to log back in. Right now the cflogin allows them to go out and come back without logging back in.
> I guess what I'm trying to figure out is if I can retain those session
> variables if the user goes out of the folder and back in to the maintenance
> page so they can continue working. If not, then how do I force them to log
> back in. Right now the cflogin allows them to go out and come back without
> logging back in.
Yes, the session will normally persist even if you leave the
'application' for which it is set. Of course the session timeout is
ticking away. While the user is using another section of the site that
is a different or undefined application or even completely different web
sites, the session timeout is not being reset. If it expires before
they return then the session will no longer exist.
But as long as the user returns to the application before the session
expires, session variables will still exist. And as long as the browser
returns the required session ID's they will be able to access the
previous session state.
Under normal circumstances, anyway.
Thanks Ian, that helped me figure this out.