Nesting Session Variable Locks

Jim McAtee Thu, 05 Jul 2001 21:14:31 -0700
What's the best approach to properly lock the following code that uses
session variables (CF 4.0.1)?  I want to add a readonly lock around the
cfelseif clause that references the session.userid variable.  Can I safely
do a readonly lock around the entire cfif structure, and leave the exlusive
locks nested within?  Or do I just use a single exclusive lock around the
whold thing?  Seems I wouldn't want to do the latter for performance
reasons, since this code would be included on every page of the application.

<!---
      Login validation.  User is logged in if session.userid <> 0.
--->
<cfif IsDefined("form.username") and IsDefined("form.password")>

  <!--- User came from the login screen. Check name/password. --->
  <cfquery name="check" datasource="#dsn#">
  SELECT userid, securitylevel
  FROM users
  WHERE username= '#form.username#' AND password = '#form.password#'
  </cfquery>

  <cfif check.recordcount>
    <!--- Successful login. --->
    <cflock name="#session.sessionid#" type="exclusive" timeout="3">
      <cfset session.userid = check.userid>
      <cfset session.securitylevel  = check.securitylevel>
    </cflock>
  <cfelse>
    <!--- Incorrect name/password. Send back to login. --->
    <cflock name="#session.sessionid#" type="exclusive" timeout="3">
      <cfset session.contactid = 0>
      <cfset session.securitylevel = 0>
    </cfif>
    <cflocation url="/login.cfm?error=1">
  </cfif>

<cfelseif not (IsDefined("session.userid") and (session.userid neq 0))>

  <!--- User not logged in; redirect to login screen. --->
  <cflocation url="/login.cfm">

</cfif>


Also, I seem to recall a discussion of this bit of advice in the CF help
documentaion on CFLOCK.  Substitute read-only locks when updating shared
data?  I thought that was the whole idea behind an exclusive lock...
"Limit the scope of code that updates shared data. Exclusive locks are
required to ensure the integrity of these updates, but they have a
significant impact on performance. Read-only locks are faster. If you have a
performance-sensitive application, you should substitute read-only locks for
exclusive locks wherever it is possible, for example, when updating shared
data."

Thanks,

Jim



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Nesting Session Variable Locks

Reply via email to
