Skip to main content
P
ProjectedSurplus
Inspiring
October 14, 2008
Question

Client vs Session vs Cookie Variables

  • October 14, 2008
  • 5 replies
  • 655 views
Long story short I am creating a web site which adjusts its GUI based on the visitors IP. Ideally the visitor can then modify these settings and have these choices "remembered" by the site on next visit. As I understand it, if I save these settings in:

COOKIE.VAR then this info passes back and forth on every page request (which i don't want)
SESSION.VAR then this info takes up server memory (which I don't want)
CLIENT.VAR then this info resides in a dbase (as selected in cfadmin to replace server registry default)

So, in this instance client.var seems the way to go BUT it only holds simple values (the GUI now is a query result/array of text filenames) so I would need to serialize?/fromList()??/toString()??? the info.

Similarly, I would think that should the user choose the "Remember Me" login option it would be better to store his username and password in CLIENT.vars rather than as an unsecure cookie on his/her machine.

Thanks in advance for thoughts or comments???

    This topic has been closed for replies.

    5 replies

    N
    Newsgroup_User
    Inspiring
    October 16, 2008
    ProjectedSurplus wrote:
    > Yes, definitely NOT a repeat every request strategy.
    >
    > However, what is the root of the issue is that I want to remember the user's
    > settings upon their next visit.
    >
    > As such don't I still need to write the info to either a CLIENT.var or a
    > COOKIE.var upon session end?
    >
    > (To me doing so would both allow remembering of visitor choices and reduce
    > dbase pings)
    >

    Yes, something would need to be written to a cookie. You could store
    the entire data set if you choose. There are challenges but they are
    not unsurmountable. There are also some limits The solution would
    depend somewhat on how much data you want to store.

    For a few simple keys and values you could just make a separate cookie
    for each. Otherwise you could serialize a complex variable either
    manually or with something like the <cfwddx...> tag.

    The latter is very hand, but rather verbose, so if you are working with
    a lot of data you may want something leaner so that you don't run into
    problems with maximum cookie size, which was about 4K if I recall
    correctly and has not changed since I last paid attention to it.

    But personally, making a single database call once each time a visitor
    starts a session against a well defined and optimized database is not
    very stressful on a system.

    It may be relevant that one way or another cookies are going to be used.
    Whether you manage them and their content or not -- cookies are the
    *only* way to maintain user state between http requests. Either you
    create them or ColdFusion will if you go with a straight forward client
    or session scope for your data scope.
    P
    ProjectedSurplusAuthor
    Inspiring
    October 16, 2008
    So, just to confirm, EVERY cookie.var is sent with every browser request, right (ie not just when called/referenced)? As in a previous post, I understand Flash/Flex enables shared objects stored on the client which are not transmitted unless specified.

    Assuming there is no direct way to have similar functionality in HTML, the next best way to do what I seek (which btw is not involved with my intention to manage user state in a more forward Session var) is to write a CLIENT var onSessionEnd and only read that info onSessionStart (or when changed by the visitor).

    P
    ProjectedSurplusAuthor
    Inspiring
    October 15, 2008
    Yes, definitely NOT a repeat every request strategy.

    However, what is the root of the issue is that I want to remember the user's settings upon their next visit.

    As such don't I still need to write the info to either a CLIENT.var or a COOKIE.var upon session end?

    (To me doing so would both allow remembering of visitor choices and reduce dbase pings)
    N
    Newsgroup_User
    Inspiring
    October 15, 2008
    You may be over thinking this.

    Why don't you want to use session variables. Most people *want* to put
    as much into memory as possible to eliminate as much database and file
    system calls as possible. Obviously this needs to be balanced with
    system capabilities and site traffic, but in general memory is better
    then database is better then file IO.

    The way this is usually done is that a cookie value is used to store a
    user ID. This ID is then used to retrieve user state from a permanent
    store of your choice. Placing this data into session memory during the
    visit of the user.

    P
    ProjectedSurplusAuthor
    Inspiring
    October 15, 2008
    Not to sound like a smart ass but there is no doubt I am overthinking this (you wouldn't believe how much difficulty I have deciding what to wear each morning ;).

    Nonetheless, I am truly concerned about scalability etc (I have an excel spreadsheet showing how fast we'll be at 8 billion members if you want to see it ;) and don't see the desirability of putting fairly unimportant GUI data (header = red etc) into server memory.

    On the other hand though I have little practical experience in actually running a site (feel free to condemn my over thinking now out loud) and realize that even a Gb of memory can hold enormous amounts of text = value) so . . . .

    That said -- and let me emphasize I am sincerely appreciative of your knowledgeable feedback on this and other posts -- do you still think I should just put this stuff into a SESSION.var (which I realize can be a struct) ? If so then I guess I would only call the cfc (to lookup new GUI info from the dbase) if that SESSION.var is changed or not there?
    P
    ProjectedSurplusAuthor
    Inspiring
    October 15, 2008
    Or, what about using the onRequestStart or onRequest methods of Application.cfc?

    Another thought is to use the cgi.HTTP_referer to determine if visitor is coming from outside (hence in need of ip-to-GUI component) OR if they are coming from another page of mysite (and hence not in need of a new trip to that cfc/dbase if the info is already available in say a client variable)

    Anyone with any experience in this sort of thing?
    P
    ProjectedSurplusAuthor
    Inspiring
    October 14, 2008
    As a further point, at present I have a <cfinvoke> at the top of my index page which calls the component -- but without using frames (for reasons of my own) this infers that literally every page calls the IP-to-GUI component everytime.

    I have learned that flash/flex has the ability to store the data in a shared object (and then only send the info when instructed to do so vs. with every request like a cookie.var does).

    Ideally though in HTML (too fwiw) I only want to invoke this component on first visit or on change. I'm currently reading up on the onSessionStart method of the Application.cfc file ("This is a special method run only at the beginning of a user's session. Conversely, it may be handy to notice when a user's session end via onSessionEnd method") with thoughts of writing the cookie onSessionEnd and reading&deleting onSessionStart.

    Thoughts??
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices