At 03:04 PM 01/28/2002 +0000, you wrote: >We have locked all session variables and only refer to them as local >variables on pages that need them. see below: > ><cflock timeout="10" type="READONLY" scope="SESSION"> ><cfset Variables.VarOne= session.VarOne> ><cfset Variables.VarTwo= session.VarTwo> ></cflock>
I see nothing wrong there, although if there are only two session variables, it is probably overkill. Just use cflock when you access the session variables. If there are lots of session variables and you want to avoid using the cflock tag. Try using duplicate: <cflock timeout="10" type="READONLY" scope="SESSION"> <cfset variables.tempsession = Duplicate(session)> </cflock> >When writing to a Session Variable we again use cflock, with type set to >"Exclusive". > >All Session variables are locked when created on the Application page, >and are set to "Exclusive". That should also be correct. >When the user logs out of the system we use the following code to kill >all the session variables: > ><cflock timeout="20" throwontimeout="No" type="EXCLUSIVE" >scope="SESSION"> > <CFCOOKIE NAME="CFID" VALUE="" expires="NOW"> > <CFCOOKIE NAME="CFTOKEN" VALUE="" expires="NOW"> > ><cfscript> >StructDelete(Session, "VarOne"); >StructDelete(Session, "VarTwo"); >StructClear(Session); ></cfscript> ></cflock> You might want to expire the cookie values after clearing the session. You may also want to add something like this: StructDelete(Session, "VarOne"); StructDelete(Session, "VarTwo"); StructDelete(Session, "cfid"); StructDelete(Session, "cftoken"); StructDelete(Session, "urltoken"); StructDelete(Session, "sessionD"); Although, the StructClear function should handle that without any of the specific StructDelete functions. I believe when you use cfcookie to expire a cookie using 'now' it doesn't expire until the session is closed. I expect it can get confused if the cookies still exist, with empty values. >Are there known issues with session variables or is there something >vital that we are missing? None that I know of, so I find this behavior very odd. I have experienced places where a user is automatically signed back in after they are signed out because of Application.cfm code, however that should not be the reason for session swapping. >For this to happen, even once is not acceptable to our client, so it is >essential that we resolve this issue. Speed is an important issue with >this application so using single thread sessions would not be a >straightforward solution for us. You may want to investigate the use of client variables, although if speed is an important issue, accessing session variables is definitely faster than client variables; but you could set up all your 'session' variables as a structure and serialize the structure using WDDX for storage in a client variable. Then you only have to 'load' it once, in the application.cfm, and you can use it throughout without worrying about locks. -- Jeffry Houser | mailto:[EMAIL PROTECTED] AIM: Reboog711 | ICQ: 5246969 | Fax / Phone: 860-223-7946 -- DotComIt: Database Driven Web Data My Book: Instant ColdFusion 5 | http://www.instantcoldfusion.com My New Book: ColdFusion: A Beginner's Guide February 2002 -- Far Cry Fly, Alternative Folk Rock http://www.farcryfly.com | http://www.mp3.com/FarCryFly ______________________________________________________________________ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation � $99/Month � Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
