Contact Us or call 1-877-932-8228


A session begins when a visiting client somehow identifies itself to the web server. The web server assigns the client a unique session id, which the client uses to re-identify itself as it moves from page to page on the website. Most of the time, these unique ids are stored in session cookies that expire after the client hasn't interacted with the server for some amount of time. The amount of time varies depending on the web application. For example, an online investment site might have very short sessions, so that if a user leaves her computer without logging out, another user who sits down at the same computer several minutes later cannot continue with the first user's session.

Configuring Sessions

The picture above shows the Memory Variables settings in ColdFusion Administrator, where Session management is configured.

J2EE Session Variables

The first checkbox gives the option of using J2EE session variables instead of ColdFusion session variables. The two major advantages of using J2EE session variables are:

  1. Sessions end when a user closes the browser. This is not the case with ColdFusion session variables.
  2. The Session scope is serializable, which allows session variables to be shared across servers. Again, this is not the case with ColdFusion session variables.

There is really no downside to using J2EE session variables, so it is recommended that you check this box.

Enabling Application Variables

The second checkbox gives the option to enable Application variables. Application variables are shared between all users of the application and live until ColdFusion Application Server is shut down, they are explicitly deleted, or the application times out due to a setting in <cfapplication>.

Application variables are useful for storing data such as data source names and file paths that are the same for all users over the life of the application, so it is recommended that you check this box.

Enabling Session Variables

The third checkbox gives the option to enable Session variables. Session variables are variables that are specific to a user's session (or visit) on the site. If session variables are not enabled, it becomes very difficult to track a user throughout his visit, so it is recommended that you check this box as well.

The <cfapplication> Tag

The <cfapplication> tag is used to:

  1. Define the name of a ColdFusion application.
  2. Enable or disable Client variables.
  3. Specify where Client variables are stored.
  4. Enable Session variables.
  5. Set Application variable timeouts.
<cfapplication> Attributes
Attribute Description
name Name of application.
loginStorage Where to store login variables (in Cookies or Session).
clientManagement Enable client variables. Default is "No".
clientStorage Where to store client variables.
setClientCookies Enable cookies. Default is "Yes".
sessionManagement Enable session management. Default is "No".
sessionTimeout Lifespan of session variables.
applicationTimeout Lifespan of application variables.
setDomainCookies Sets CFID and CFTOKEN for a domain.

The <cfapplication> tag is most often used at the top of the Application.cfm file. A typical <cfapplication> tag looks like this:

<cfapplication sessionmanagement="yes" clientmanagement="yes" name="RunnersHome">

If sessionTimeout and applicationTimeout are not defined in the <cfapplication> tag, as in the tag above, the default values set in ColdFusion Administrator are used.

Basics of Structures

A ColdFusion structure is a data type that can be used to hold collections of like data. ColdFusion provides many functions to make it easy to work with and manipulate structures. A few of these functions are described in the table below.

Structure Functions
Function Description
IsStruct Returns true if the specified variable is a structure.
StructNew Creates a new structure.
StructClear Removes all data from specified structure.
StructDelete Removes the specified item from the specified structure.
StructFind Returns the value associated with the specified key in the specified structure.

The example below creates a structure called person, adds properties to the structure, deletes a property and then loops through a substructure.

Code Sample:

<title>Structure Demo</title>
<cfset person = StructNew()>
<cfset person.firstName = "Paul">
<cfset person.lastName = "McCartney">
<cfset person.age = 61>
<cfset person.talents.sing = True>
<cfset person.talents.playsGuitar = True>
<cfset person.talents.bungyJumps = False>

<cfset StructDelete(SESSION, "username")>

<cfoutput><p>Structure Elements: #StructCount(person)#</p></cfoutput>
<cfloop collection="#person.talents#" item="talent">
	<cfoutput><li>#talent#: #person.talents[talent]#</li></cfoutput>

The Session, Application, and Client scopes are all available as ColdFusion structures, which means that they can be manipulated using the Structure functions.

Session Example

Code Sample:

               <cfset SESSION.SessVar = "Hello world!">

<title>Session Page 1</title>
The content of SESSION.SessVar is <cfoutput>#SESSION.SessVar#</cfoutput>.

<a href="Session2.cfm">Next page</a> 

This page sets and outputs a session variable.

Code Sample:

<title>Session Page 2</title>

The content of SESSION.SessVar is still <cfoutput>#SESSION.SessVar#</cfoutput>.
<cfset StructDelete(Session,"SessVar")>

<a href="Session3.cfm">Next page</a>

This page outputs the same session variable and then deletes it with StructDelete().

Code Sample:

<title>Session Page 3</title>

The content of SESSION.SessVar is no longer <cfoutput>#SESSION.SessVar#</cfoutput>.


This page tries to read the deleted session variable and fails. It errors with a message like " Element SESSVAR is undefined in SESSION."