Ask Ben: Testing For ColdFusion Session Management
Posted September 7, 2007 at 8:01 AM
Ben, Do you know how I can test to see if the session scope exists if session management is turned off. I turned off session management and did an isDefined('session') which returned yes. I'm trying to do this before a StructKeyExists(session,'temp'). StructKeyExists throws an exception if the structure doesn't exist, but I don't know how to test for the absence of the session!
At first, I have to say that I didn't believe you; I couldn't believe that the SESSION would be "defined" if ColdFusion session management was turned off. But, after trying it for myself, sure enough, it is defined. In fact, not only is it defined, but you can CFDump it out. It comes up as an empty struct, but it doesn't throw an exception.
To help us in this matter, there is a nice little UNDOCUMENTED function in the ColdFusion APPLICATION scope that allows us to view the application settings. This function, GetApplicationSettings(), is called directly on the APPLICATION scope in dot-notation:
Launch code in new window » Download code as text file »
- <!---
- Dump out ColdFusion application settings. This will
- give us insight into most of the application-level
- settings that can be set in the Application.CFM/CFC.
- --->
- <cfdump
- var="#APPLICATION.GetApplicationSettings()#"
- label="GetApplicationSettings() Output"
- />
Running the above code, we get the following CFDump output:
| | | | ||
| |  | | ||
| | | |
As you can see, this returned struct gives us access to most, but not all, of the settings that we can set in the Application.cfm/cfc files. The one that we are most concerned with right now is the SessionManagement key which will give us the boolean value as to whether or not session management has been enabled.
To test this, I have set up a tiny ColdFusion Application.cfc file in which session management has been turned off:
Launch code in new window » Download code as text file »
- <cfcomponent
- output="false"
- hint="Handles application level events.">
-
- <!--- Define application settings. --->
- <cfset THIS.Name = "CheckSessionTest" />
- <cfset THIS.ApplicationTimeout = CreateTimeSpan( 0, 0, 1, 0 ) />
- <cfset THIS.SessionManagement = false />
-
- </cfcomponent>
Then, I set up a tiny index.cfm file to test for ColdFusion session management:
Launch code in new window » Download code as text file »
- <!---
- Check to see if Session Management has been enabled
- in this ColdFusion application.
- --->
- <cfif APPLICATION.GetApplicationSettings().SessionManagement>
-
- <p>
- SESSION Is Enabled
- </p>
-
- <cfelse>
-
- <p>
- SESSION Is Disabled
- </p>
-
- </cfif>
Running the above code, we get the following output:
SESSION Is Disabled
Works quite nicely. Now, like I said before, this is an undocumented feature, so use it at your own discretion. One of the things that I do in some of my applications where ColdFusion Session Management might be toggled on and off is to set a flag in the REQUEST scope, such as REQUEST.HasSessionScope. This way, whatever logic performs the application settings can also set the REQUEST flag.
Hope that helps a bit.
Download Code Snippet ZIP File
Comments (11) | Post Comment | Ask Ben | Permalink | Other Searches | Print Page
Reader Comments
Awww Ben, you're the best!
Posted by Justin on Sep 7, 2007 at 8:22 AM
Any time my man, any time.
Posted by Ben Nadel on Sep 7, 2007 at 8:24 AM
Instead of using an undocumented function (which means it could be removed or changed at any time), why not just use a try/catch block to try and set a session variable, and create a flag accordingly?
Posted by Brian Kotek on Sep 7, 2007 at 11:57 AM
@Brian,
Good question. People seem to rag on me anytime I used "on purpose" exception throwing to do anything, especially anything that will be done on a regular basis. I guess, the best of all possible worlds would be to encapsulate the function and USE the undocumented features. Then, if they ever get taken out, it only needs to be changed in the function (to use CFTry / CFCatch) and the rest of the code still works.
Also, that way, since exception handling is a bit expensive in terms of processing (or so I am harassed!), this way, you only need to use it when CF changes.
Posted by Ben Nadel on Sep 7, 2007 at 12:02 PM
Another approach would be to set a session variable, redirect to another page, then check if the variable isDefined().
Posted by Tom Chiverton on Sep 7, 2007 at 12:03 PM
@Tom,
True, like testing a cookie value, but that might not be the easiest thing if you are dealing with a single page request or something.
Posted by Ben Nadel on Sep 7, 2007 at 12:10 PM
The purpose of all this was that upon reiniting my application, I would always get an error because I set the timeout of app and session to be 0 and the page would then process without a session scope.
So, I thought, I'd just put some logic in so that I don't get this error but I couldn't figure out how. It just seemed quirky to me.
Of course, the easy fix for the above is to set the session and application timeout to 1 second upon reinit.
Posted by Justin on Sep 7, 2007 at 12:10 PM
@Justin,
Yeah, I would go that way. It's probably always easier to have SOME session scope, even if its timeout is very short. Even Michael Dinowitz does that and he is the King of conditional session management.
Posted by Ben Nadel on Sep 7, 2007 at 12:15 PM
Yeah that's the way I did it, but it's always good to see the other perspective. I always wanted to make sure I wasn't loony about the whole session being defined with sessions turned off thing.
Posted by Justin on Sep 7, 2007 at 12:39 PM
I hadn't heard of this before but Googling for it brings up a little more information here (from mid-2005):
http://www.rocketboots.com.au/blog/index.cfm?mode=entry&entry=8A1C48F5-E081-51EF-A7AF8C312529DABA
Posted by Sean Corfield on Sep 7, 2007 at 1:16 PM
Dang! This always happens :) I find out something and then I find out that it was already discussed years ago! Oh well, at least I learned something from this.
Posted by Ben Nadel on Sep 9, 2007 at 5:33 PM
