Adobe 38043740 - ColdFusion Standard - Mac Development Manual page 317

DEVELOPING COLDFUSION 9 APPLICATIONS
Developing CFML Applications
Therefore, sessions always terminate after a time-out period of inactivity. If the user does not access a page of the
application within this time-out period, ColdFusion interprets this as the end of the session and clears any variables
associated with that session.
The default time-out for session variables is 20 mins. You can change the default time-out on the Memory Variables
page in the Server Settings area in the ColdFusion Administrator.
You can also set the time-out period for session variables inside a specific application (thereby overruling the
Administrator default setting) by setting the Application.cfc This.sessionTimeout variable or by using the
tag
cfapplication sessionTimeout
maximum session time-out value set on the Administrator Memory Variables page.
For detailed information on ending sessions and deleting session variables, see
ColdFusion and J2EE session management
The ColdFusion server can use either of the following types of session management:
• ColdFusion session management
• J2EE servlet session management
ColdFusion session management uses the same client identification method as ColdFusion client management.
J2EE session management provides the following advantages over ColdFusion session management:
• J2EE session management uses a session-specific session identifier,
of each session.
• You can share session variables between ColdFusion pages and JSP pages or Java servlets that you call from the
ColdFusion pages.
• The Session scope is serializable (convertible into a sequence of bytes that can later be fully restored into the original
object). With ColdFusion session management, the Session scope is not serializable. Only serializable scopes can be
shared across servers.
Therefore, consider using J2EE session management in any of the following cases:
• You want to maximize session security, particularly if you also use client variables
• You want to share session variables between ColdFusion pages and JSP pages or servlets in a single application.
• You want to be able to manually terminate a session while maintaining the client identification cookie for use by
the Client scope.
• You want to support clustered sessions; for example, to support session failover among servers.
Configuring and enabling session variables
To use session variables, enable them in two places:
• ColdFusion Administrator
• The Application.cfc initialization code This.sessionManagement variable or the active
ColdFusion Administrator, Application.cfc, and the
variable behavior, including the variable time-out.
attribute. However, you cannot set a time-out value for that is greater than the
cfapplication
Last updated 1/20/2012
"Ending a session" on page 315.
, which is created afresh at the start
jsessionid
cfapplication
tag also provide facilities for configuring session
312
tag.