Adobe COLDFUSION 9 Manual page 310

DEVELOPING COLDFUSION 9 APPLICATIONS
Developing CFML Applications
These cookies uniquely identify the client to ColdFusion, which also maintains copies of the variables as part of the
Session and Client scopes. You can configure your application so that it does not use client cookies, but in this case,
pass these variables to all the pages that your application calls. For more information about maintaining client and
session information without using cookies, see
You can configure ColdFusion to use J2EE servlet session management instead of ColdFusion session management
for session variables. This method of session management does not use
side session management cookie. For more information on using J2EE session management, see
jsessionid
"ColdFusion and J2EE session
Using client and session variables without cookies
Often, users disable cookies in their browsers. In this case, ColdFusion cannot maintain the client state automatically.
You can use client or session variables without using cookies, by passing the client identification information between
application pages. However, this technique has significant limitations, as follows:
Client variables are effectively the same as session variables, except that they leave unusable data in the client data
1
store.
Because the client's system does not retain any identification information, the next time the user logs on,
ColdFusion cannot identify the user with the previous client and must create a new client ID for the user. Any
information about the user from a previous session is not available, but remains in client data storage until
ColdFusion deletes it. If you clear the Purge Data for Clients that Remain Unvisited option in the ColdFusion
Administrator, ColdFusion never deletes this data.
Therefore, do not use client variables, if you allow users to disable cookies. To retain client information without
cookies, require users to login with a unique ID. You can then save user-specific information in a database with the
user's ID as a key.
ColdFusion creates a new session each time the user requests a page directly in the browser, because the new request
2
contains no state information to indicate the session or client.
Note: You can prevent ColdFusion from sending client information to the browser as cookies by setting
This.setClientCookies variable in Application.cfc or the
To use ColdFusion session variables without using cookies, each page must pass the
page that it calls as part of the request URL. If a page contains any HTML
or tags the tags must pass the
cfform
the value in page requests. To use ColdFusion client variables and J2EE session variables, pass the
jsessionid
, and values in URLs.
CFToken jsessionid
Note: The behavior is as follows when CFID and CFTOKEN are provided in the URL: If session exists, the CFID and
CFTOKEN from the URL are ignored. If the session does not exist, CFID and CFTOKEN from the URL are used to
validate the session and the session is used if it is valid. If the session is not valid, a new session is created. CFID and
CFTOKEN are regenerated.
ColdFusion provides the
URLSessionFormat
• If the client does not accept cookies, automatically appends all required client identification information to a URL.
• If the client accepts cookies, does not append the information.
The function automatically determines which identifiers are required, and sends only the
URLSessionFormat
required information. It also provides a more secure and robust method for supporting client identification than
manually encoding the information in each URL, because it only sends the information that is required, when it is
required, and it is easier to code.
"Using client and session variables without
management" on page 312.
setClientCookies
and values in the tag URL. To use J2EE session management, pass
CFID CFToken
function, which does the following:
Last updated 8/5/2010
cookies" on page 305.
and values, but does use a client-
CFID CFToken
attribute of the
cfapplication
and
CFID CFToken
links,
hrefa= cflocation
305
tag to No.
values to any
tags, tags,
form
,
CFID