Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session maintenance

Status
Not open for further replies.
gasparrelli

gasparrelli

Programmer
Sep 13, 2000
24
US
I am thoroughly confused on how CF maintains a session and could use a little insight... let me explain:

I have an application which relies heacily on session variables. I create no cookies and do not programatically pass cfid or cftoken between pages (or any other session variables). Yet somehow my CF server correctly connects variables with users. How is this happening?

When I search my client machines after a visit to my website I can find nothing new stored on the client machine. According to what I have read this should not work, but somehow it does.

Can anyone tell me why this works? Shouldn't my sessions turn to mush if I don't pass cfid & cftoken somehow?
 
Sort by date Sort by votes
Session variables are stored in the server's RAM, so you won't find cookies and you don't need to pass variables. However, it is important to use <cflock> when dealing with session variables to completely maintain seperate sessions.

bankholdup
 
Upvote 0 Downvote
Use CF lock when you are creating the variables? I have never used it. There's nothing on the client side then?
 
Upvote 0 Downvote
Use <cflock> every time you access the session variable. And no, nothing on the client side (not a bit, pardon the pun).

bankholdup
 
Upvote 0 Downvote
I am puzzled as well.

I am using session variables to keep track of shopping cart items. Items are added to the cart in a NON SSL page. So far, the cart works fine and you can see all the items. To check out the user is taken to a SSL area of the site. Now, I can't access my session variables anymore. I am not passing cfid or cftoken between pages in the URL.

I had read about passing those variables along, but everything was working without it so I just never did it.

Will adding the variables make it work, or is there some other trick needed to pass from Non-SSL to SSL and retain your variables?

Thanks
 
Upvote 0 Downvote
I understand that session variables cannot be passed from non-SSL to SSL pages, so you must pass all your variables from the &quot;old&quot; session into the &quot;new&quot; one. I haven't done this yet but am adding SSL to my site so have researched it, but can't advise beyond that... :)
 
Upvote 0 Downvote
i had the same problem as lazypos, except that i was NOT using ssl pages ... : i had used session variables without passing cfid or cftoken (i was also locking them, as bankholdup says), and the puzzling thing is that on the SAME machine it would sometimes works fine, sometimes not .... i still haven't understood why and i'm using cookies now :-/
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Dalibor101
  • Locked
  • News
R2R maintenance guide
Replies
0
Views
190
Dalibor101
Dalibor101
lwfg
  • Locked
  • Question
session variable timeout problem
Replies
2
Views
94
lwfg
lwfg
emorobot
  • Locked
  • Question
Very odd session bug on my live server with session variables
Replies
0
Views
68
emorobot
emorobot
metaphiz
  • Locked
  • Question
Logout Doesn't Really End Session
Replies
1
Views
67
FALCONSEYE
FALCONSEYE
lucidtech
  • Locked
  • Question
session variables with mobile
Replies
11
Views
146
lucidtech
lucidtech

Part and Inventory Search

Sponsor

Back
Top