6 Replies Latest reply on Apr 17, 2008 7:38 AM by 12Robots

    session variable

    Nick201
      I am using session variable for my login. do i have to use cflock? I have only 20 users are using this app. I might use this app in the future for paying dues online.

      <cfif UCASE(Session.logged_in) eq "FALSE">
      <cflocation url="test.cfm" addtoken="no">
      </cfif>
      --------------------------------------------------------
      Applcation.cfm
      <cfapplication
      name="app"
      sessionmanagement="Yes"
      clientmanagement="Yes"
      clientstorage="cookie"
      applicationtimeout="#createtimespan(2,0,0,0)#"
      sessiontimeout="#createtimespan(0,0,35,0)#">


      <cfif isdefined("cookie.cfid") and isdefined("cookie.cftoken")>
      <cfset cfid_local = cookie.cfid>
      <cfset cftoken_local = cookie.cftoken>
      <cfcookie name="cfid" value="#cfid_local#">
      <cfcookie name="cftoken" value="#cftoken_local#">
      </cfif>
        • 1. Re: session variable
          Level 7
          Nick201 wrote:
          > I am using session variable for my login. do i have to use cflock?

          Only if your code has a race condition with which you are concerned
          about. And with the session scope that would be fairly difficult
          because it would only exist if an individual user was using multiple
          browsers simultaneously connected to your application.

          OR you are using a very old version of ColdFusion!

          There is some VERY dated advice to ALWAYS use <cflock...> with all
          global scopes, including the session scope. This was from a bug in
          these scopes in the version 4.x days, with which locking all reads and
          writes to these scopes was a work around.

          That particular issue has not been relevant during the 21st century.
          But this 'best' practice does not seem to be going away. Even though it
          is no longer 'best' and in fact can cause serious performance and
          throughput issues creating an application that is not scalable if one is
          to over lock code unnecessarily.

          • 2. Re: session variable
            Nick201 Level 1
            So your advice is use cflock right..

            where do i put cflock then. I mean in application.cfm page or everypage when i use session variable,



            Thanks
            • 3. Re: session variable
              Level 7
              Nick201 wrote:
              > So your advice is use cflock right..
              >
              > where do i put cflock then. I mean in application.cfm page or everypage when i use session variable,
              >
              >
              >
              > Thanks


              Ummm, No my advice is NOT to use <cflock....> unless you have a specific
              reason to do so. The only reason you would ALWAYS use <cflock...> is if
              you are still using ColdFusion 4.x? Are you still using a 10+ year old
              version of ColdFusion?

              If you do have a specific reason to use <cflock...> then you would put
              it around the specific piece(s) of code that you want only to be run one
              thread at at time not matter how many requests are trying to run it.
              Just be sure to understand the cost and limitations of doing so. You
              should understand the differences between named and scope locks and how
              they work with different <cflock...> blocks of code.



              • 4. Re: session variable
                Nick201 Level 1
                Thanks.
                Currently I am checking each single page -user log in or not

                <cfif (Session.logged_in) eq "FALSE">
                <cflocation url="login.cfm" addtoken="no">
                </cfif>
                Is this right?
                • 5. Re: session variable
                  Level 7
                  Nick201 wrote:
                  > Thanks.
                  > Currently I am checking each single page -user log in or not
                  >
                  > <cfif (Session.logged_in) eq "FALSE">
                  > <cflocation url="login.cfm" addtoken="no">
                  > </cfif>
                  > Is this right?

                  I would put this logic in an Application.cfm or Application.cfc file so
                  that is is automatically done every request with one piece of reused
                  code the is easy to update when required.

                  Of course some logic would need to exist to that the logic is NOT
                  executed when 'login.cfm' is requested, otherwise one would have an
                  endless loop of redirects.

                  Other then that, yes that is a very common way to authenticate a user to
                  a CFML template.

                  • 6. Re: session variable
                    12Robots Level 4
                    <cfif (Session.logged_in) eq "FALSE" AND cgi.script_name NEQ "login.cfm">
                    <cflocation url="login.cfm" addtoken="no">
                    </cfif>