Skip to main content
A
Anonymous
September 7, 2012
Question

Creating session variable properly with application.cfc

  • September 7, 2012
  • 1 reply
  • 6268 views

I haven't had the chance to use application.cfc when creating web application. Usually this is how I create session variable ,such as, session.userid after user validation. Here is an example:

First, on my application.cfm I did : 

<cfapplication name="SomeName" sessionmanagement="Yes" setclientcookies="Yes" CLIENTMANAGEMENT="No" sessiontimeout="#CreateTimeSpan(0,1,0,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0)#">

Then on my loginaction.cfm page, I validate user login with something like:

<cfquery name="ValidateUser" datasource="#application.DSN#">

  SELECT UserId, Username, Password FROM users

  WHERE Username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Form.username#">

  AND Password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Form.Password#">

</cfquery>

<CFIF ValidateUser.Recordcount NEQ 0>

    <CFSET session.UserId = "#ValidateUser.UserId#">

</CFIF>

Once this session.UserId is created then I can use it on any query throughout the application.

Now, I want to use Application.cfc instead of Application.cfm. From my reading Within Application.cfc I can create a Function called:

 

OnApplicationStart, OnSessionStart, etc

It is said that: OnSessionStart is the perfect place to define session-scoped variables (ex. SESSION.Cart for eCommerce cart data).

If this method is invoked manually, be sure to call StructClear() on the SESSION scope before you re-initialized the data values. HOWEVER! before clearing the scope, get a copy of the CFID/CFTOKEN values so that you can store them back into the session during re-initialization.



I don't quite understand this explanation and especially when I want to create my session.UserId using the logic I explain above.

Below is my test when trying to work with application.cfc:

On my loginaction.cfm:

<cfinvoke component="cfcomponents.application" method="OnSessionEnd" UserName ="#Trim(Form.MyUsername)#"

                                                                                                                                              Password = "#Trim(Form.myPassword>

On Application.cfc:



<cfcomponent displayname="Application" output="true" hint="Handle the application.">



     <cffunction name="OnApplicationStart" access="public" returntype="boolean" output="false" hint="Fires when the application is first created.">



           <cfset application.dsn = "OnBoardBuddy">

          <cfreturn true/

     </cffunction>



   <!--- Is this the right way to set session.userid when using application.cfc? --->

   <cffunction name="OnSessionEnd" access="public" returntype="void" output="false" hint="Fires when the session is terminated.">

       <cfquery name="ValidateUser" datasource="#application.DSN#">

         SELECT UserId, Username, Password FROM users

         WHERE Username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Form.username#">

         AND Password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Form.Password#">

       </cfquery>

       <CFIF ValidateUser.Recordcount NEQ 0>

          <CFSET session.UserId = "#ValidateUser.UserId#">

      </CFIF>



    </cffunction>





</cfcomponent>





















    This topic has been closed for replies.

    1 reply

    Carl Von Stetten
    Carl Von Stetten
    Legend
    September 8, 2012

    GKiew,

    No.  The correct way to establish those settings in Application.cfc is to put them in the pseudo constructor (using the "this" scope), before any of the functions.  Here is an example (with all of the functions omitted for simplicity):

    <cfcomponent...>

         <cfset THIS.Name = "YourApplicationNameHere">

         <cfset THIS.ApplicationTimeout = CreateTimeSpan(1, 0, 0, 0)>

         <cfset THIS.SessionManagement = true>

         <cfset THIS.SessionTimeout = CreateTimeSpan(0,1,0,0)>

         <cfset THIS.SetClientCookies = true>

         <cfset THIS.ClientManagement = false>

         <cffunction ...>

         </cffunction>

    </cfcomponent>

    See the following in the CF 9 Docs for more information:

    http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-750b.html

    Ben Nadel's classic blog post gives you a pretty complete explanation of how all the parts to Application.cfc work:

    http://www.bennadel.com/blog/726-ColdFusion-Application-cfc-Tutorial-And-Application-cfc-Reference.htm

    HTH,

    -Carl V.

    A
    Anonymous
    September 9, 2012

    Hi Carl, I did more reading and some questions of mine got answered, thanks for pointing out some of them.

    One thing that I'm still confused is setting the session variable.

    For example, When I need to create a session variable in my loginaction.cfm, such as, session.userId, HOW IS :

    <CFSET session.userId = "#MyQueryName.UserId#"> in my loginaction.cfm and The OnSessionStart function included within an Application.cfc 

    <cffunction name="OnSessionStart" access="public" returntype="void" output="false" hint="Fires when the session is first created.">

    Related to each other?

    When using CFAPPLICATION, I have:

    <cfapplication name="SomeName" sessionmanagement="Yes" setclientcookies="Yes" CLIENTMANAGEMENT="No" sessiontimeout="#CreateTimeSpan(0,1,0,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0>

    I only need to set sessionmanagement attribute to "yes" and then on my loginaction.cfm I'm ready to do :

    <CFSET session.userId = "#MyQueryName.UserId#"  without having to call  OnSessionStart Function.

    But when I use Application.cfc, If  I already put:

    <cfset THIS.SessionManagement = true>

    <cfset THIS.SessionTimeout = CreateTimeSpan(0,1,0,0)>

    Practically I'm ready to do <CFSET session.userId = "#MyQueryName.UserId#"> anywhere in my template so why should I call OnSession.Star()?

    12Robots
    12Robots
    Participating Frequently
    September 9, 2012

    You don't need to use onSessionStart() if you don't want to.

    In the case above, I would use onSessionStart() to create the session.userid variable with an empty value. That way it is always there. Then in the login process I would populate it with a value.

    There is nothing that says yo NEED to use onSessionStart() if you are using session management, but it is there in case you WANT to use it.

    A great example is if you want every user who visits your site to have a shopping cart instantiated and ready to go (whether they are logged in or not). You would create that cart in onSessionStart() and stick it in the user session. Then later after the login process you would also populate the session with appropriate user details and associate that cart with that user.

    Hope that makes sense.

    Jason

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices