Creating Cold Fusion session Variables

I need to set up a session variable containing a login ID, as cookies do not seem to be working.  How do I set up and access a session variable? Can I set it to disappear when the browser closes? The manuals I have are rather vague on the subject.  Any help is appreciated, thanks.  
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

session variables by definition end when a person closes the browser...other than that they will last as long as set by default in CF administrator or by overriding with cfapplication:
<cfapplication sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(days,hours,minutes,seconds)#">

then set your session like
<cfset session.loginID = form.loginID>
Renante EnteraSenior PHP DeveloperCommented:
As what jonnygo55 said, you must have that code <cfapplication> tag on the application.cfm.

Then once a session variable will be created you may now refer to that variable.

Here is an example in referring the session variable :
  <cfquery name="GetUser" datasource="dsn">
    SELECT * FROM Users
    WHERE loginID = '#session.loginID#'

But speaking of killing the session variables once the browser is close, you can have your code like this :

<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
     <cfset cfid_local = Cookie.CFID>
     <cfset cftoken_local = Cookie.CFTOKEN>
     <cfcookie name="CFID" value="#cfid_local#">
     <cfcookie name="CFTOKEN" value="#cftoken_local#">

Be sure you have this on your application.cfm.

Goodluck !
eNTRANCE2002 :-)
eNTRANCE2002 is exactly right.  Put that in your application.cfm and your cfid and cftoken will become session only cookies.

Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

whats not working with cookies ?????

let me know - incase u need help !
TEFKASGAuthor Commented:
Well, I tried the session code and it did not work.  The <cfapplication> tag required a name - what's the purposes of that?

Here's the code I used:

<cfapplication sessionmanagement="Yes" name="Sipe">
<cfset session.loginID = 1>

Then elsewhere in the website I tried to access  #Session.loginID# and it does not exist.

Cookies started working for a little bit then stopped working again.  Ironically, one and only one cookie that I created for a different purpose works.  I am pulling my hair out.   I am also beginning to believe it is a server issue.  
try this:

<cfapplication name="Sipe"
  <CFSET SESSION.loginID = 1>

the purpose of name is define this particular application and its variables (application/session/client)   A single CF server can run multiple applications and each could need its own Session/etc vars that need to be managed.  This attribute supports that.

TEFKASGAuthor Commented:
Ok, I tried that.  It didin't work either.  Part of the site uses frames - any chance that has something to do with it?
any chance that session varaibles not set in Cold Fusion Administrator?...
should be allowed by default but otherwise I am not sure what the problem is...frames shouldnt matter...
Can you post your application.cfm and your code that checks if the var exists.

TEFKASGAuthor Commented:
Well, I just deleted a <cflocation> tag and the cookies are working again???

I don't actually have a application.cfm file per se.
oh, that makes sense.

cflocation tags prevent cookies from being set.  So your cfid and cftoken cookies, which identify your user's session were not being set.

Also, what do you mean you don't have an application.cfm file per se?

Do you automatically include your file in each file ro what?


TEFKASGAuthor Commented:
I have never needed a application.cfm file.  No global variables, in general.
so where do you put your cfapplication tag?

TEFKASGAuthor Commented:
I just picked a file in the path to where the session variables are needed.  How else should I have done it?
you should have an application.cfm file in the directory/app that is going to have session variables.

Then no matter what file the user first accesses, it is setup for session management.

To maintain session state, server has to know which client he is talking to ( or receives and posts data ). Think of it as a part of memory with an address bound to the certain client's ID. If identification won't be posted from every page by a client, the memory address will be lost, and you'll be no longer able to access the part of memory as you don't know how to refer to it.

No, there's why you have to use

<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
     <cfset cfid_local = Cookie.CFID>
     <cfset cftoken_local = Cookie.CFTOKEN>
     <cfcookie name="CFID" value="#cfid_local#">
     <cfcookie name="CFTOKEN" value="#cftoken_local#">

posted by entrance2002

If you don't change cookies ( your ID ) on every page, whenever you go back to visit the page, the server will assume that the same session applies to you as the last time you visited. So if you close your browser and open it again and try the same site, your session variables will still be there ( untill timeout - usually 30 minutes ). So if you change cookies ( your ID ) on every page, every time the server is requested, it will bind new ID to your session variables. Then if you close the browser and don't send cookie ID, the next time you open the site your session will be lost cause you're sending new ID.

hope this is clear...
the "CFLocation URL" wont quite work properly ... with cookies ...

remove ur cflocation tags & use this instead :
<CFHEADER NAME="Refresh" VALUE="0; URL=MainPage.cfm">
& incase u ahve parameters - sent them thru query string like
<CFHEADER NAME="Refresh" VALUE="0; URL=MainPage.cfm?param1=#param1value#">

let me know ...


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TEFKASGAuthor Commented:
anandkp>  that is exactly what I did after I removed the cflocation tag.

To all - This part of the project is on hold for the time being as it is working well enough as is - but I will be revisiting this problem in a week or two.  Thanks for your help and patience.
Didnt that work for cookies ???
Could it be that you just don't have cookies enabled?
Try to pass the CFToken through the URL, this will work if you can't work with cookies. However you need to pass it from every link like so

here's a bit of info on it
TEFKASGAuthor Commented:
I wasn't able to implement any of the solutions given, but  anandkp did give the solution to the problem I was originally having with cookies and the rest became a moot point after that.  Thanks all for your help.  :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.