Skip to main content
S
sic4730
Inspiring
April 24, 2008
Answered

session variables

  • April 24, 2008
  • 5 replies
  • 527 views
I need to define a session variable with no value until a user login and then once they log off it removes the value.
How do I create a session variable for this?
Ex
New use access our default webpage
session.security=
User logs in and the security setting is set based on a cfquery
session.security=1
or
session.security=2
When the user logs off the session variable is set to
session.security=

Currently the only time the session.security is defined is after a user logs in. I need to be define prior to login but no value set and after logoff.

Will this cause any security issues also?

Thanks!
    This topic has been closed for replies.
    Correct answer Newsgroup_User
    sic4730 wrote:
    > I found how to make it work:
    >
    > <cflock scope="session" type="exclusive" timeout="10">
    > <cfparam name="session.security" default="">
    > </cflock>
    >
    > Is this the correct way and do you think there is any security risk?
    >

    <cfparam name="session.security" default=""> or "0" or "-1" or "NULL" or
    whatever you want to be your 'un-value' is fine.

    The <cflock...> is most likely (99.31% of the time) unnecessary and
    could, conceivable, under heavy load, cause a bottle neck and impact
    performance and throughput for your application.

    5 replies

    N
    Newsgroup_User
    Inspiring
    April 24, 2008
    Adam Cameron wrote:
    >> The <cflock...> is most likely (99.31% of the time) unnecessary
    >
    > I'd bump it up even further than that, in this case.
    >

    I'm a little conservative in my made up on the fly bogus statistical
    percentages.
    N
    Newsgroup_User
    Inspiring
    April 24, 2008
    > The <cflock...> is most likely (99.31% of the time) unnecessary

    I'd bump it up even further than that, in this case.

    --
    Adam
    S
    sic4730Author
    Inspiring
    April 24, 2008
    Thank you! I changed it to cfparam and it works also.
    N
    Newsgroup_UserCorrect answer
    Inspiring
    April 24, 2008
    sic4730 wrote:
    > I found how to make it work:
    >
    > <cflock scope="session" type="exclusive" timeout="10">
    > <cfparam name="session.security" default="">
    > </cflock>
    >
    > Is this the correct way and do you think there is any security risk?
    >

    <cfparam name="session.security" default=""> or "0" or "-1" or "NULL" or
    whatever you want to be your 'un-value' is fine.

    The <cflock...> is most likely (99.31% of the time) unnecessary and
    could, conceivable, under heavy load, cause a bottle neck and impact
    performance and throughput for your application.

    S
    sic4730Author
    Inspiring
    April 24, 2008
    I found how to make it work:

    <cflock scope="session" type="exclusive" timeout="10">
    <cfparam name="session.security" default="">
    </cflock>

    Is this the correct way and do you think there is any security risk?
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices