> Are you saying I should lock all Session and Application variables?
Yes, as well as Server variables.
> Are the rest of my thoughts on this correct:
>
> 1. Lock the writing of variables as "Exclusive" and the
> reading of variables as "ReadOnly"?
Yes.
> 2. Enclose all references to SessionID and any other Session
> variables in a CFLOCK (even when using sessionID in a URL?).
Yes.
> 3. This is esentially the same for CF4 & CF4.5 aside from
> being able to provide a lock scope instead of name in 4.5.
Well, kind of. For CF 4.0.x, Allaire recommended doing something like this:
<CFLOCK NAME="#Session.SessionID#"> ...
Unfortunately, they neglected to realize that the reference to
Session.SessionID itself required a lock. That's why the SCOPE attribute was
added.
> 4. It is better to assign session variables to local varables in
> Application.cfm so they only need to be CFLock-ed once there.
> Is it then safe to use these local variables without using cflock on
> other pages & what is the appropriate prefix for such local variables
> that are reinitalised on every request?
The answer is, it depends. It might be more efficient to do this rather than
sprinkle CFLOCK tags throughout each page. Then again, it may not. You'll
have to test and find this out yourself. If you do this, make sure you
create copies, not pointers. The appropriate prefix for local variables
would be "Variables.".
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
