Adobe 38043740 - ColdFusion Standard - Mac Development Manual page 320

DEVELOPING COLDFUSION 9 APPLICATIONS
Developing CFML Applications
For example, to display the number of items in a user's shopping cart, use the following code:
<cflock timeout=20 scope="Session" type="Exclusive">
<cfoutput>
Your shopping cart has #Session.ShoppingCartItems# items.
</cfoutput>
</cflock>
To increase the number of items in the shopping cart, use the following code:
<cflock timeout=20 scope="Session" type="Exclusive">
<cfset Session.ShoppingCartItems = Session.ShoppingCartItems + 1>
</cflock>
Ending a session
The following rules apply to ending a session and deleting Session scope variables:
• If you use ColdFusion session management, ColdFusion automatically ends sessions and deletes all Session scope
variables if the client is inactive for the session time-out period. The session does not end when the user closes the
browser.
• If you use J2EE session management, ColdFusion ends the session and deletes all Session scope variables if the client
is inactive for the session time-out period. However, the browser continues to send the same session ID, and
ColdFusion reuses this ID for sessions with this browser instance, as long as the browser remains active.
• Logging a user out does not end the session or delete Session scope variables.
• In many cases, you can effectively end a session by clearing the Session scope, as shown in the following line. The
following list, however, includes important limitations and alternatives:
<cfset StructClear(Session)>
• Clearing the Session scope does not clear the session ID, and future requests from the browser continue to use the
same session ID until the browser exits. It also does not log out the user, even if you use Session scope storage for
login information. Always use the
• If you use J2EE session management, you can invalidate the session, as follows:
<cfset getPageContext().getSession().invalidate()>
This line creates a pointer to the servlet page context and calls an internal method to reset the session. This clears
all session information, including the session ID Session scope variables, and if you are using session login storage,
the login information, for future request. However, the session information does remain available until the end of
the current request. After you invalidate a session, attempts by the browser to access the application will generate
an invalid session exception until the session times out.
Note: You cannot destroy the session and create a session on the same request, as creating a new session involves
sending session cookies back.
• If you do not use client cookies, the Session scope and login state is available to your application only as long as you
pass the session's CFID, CFTOKEN, and, for J2EE sessions, jsessionid values in the URL query string. After you
stop using these values, however, the session data remains in memory until the session time-out period elapses.
Configuring and using application variables
Application variables are available to all pages within an application, that is, pages that have the same application
name. Because application variables are persistent, you easily can pass values between pages. You can use application
variables for information including the application name, background color, data source names, or contact
information.
tag to log out users.
cflogout
Last updated 1/20/2012
315