cfml vs j2ee sessions
378 views
Skip to first unread message
Jonathan Brookins
Mar 1, 2015, 2:17:57 PM3/1/15
to lu...@googlegroups.com
Given that we have a single Lucee server with no clustering should we use j2ee sessions? What are the advantages/disadvantages to using either? I'd like to be able to rotate/invalidate sessions, but without additional code this isn't possible with j2ee sessions, correct? If the server currently uses tomcat would it be better to stick with j2ee sessions?
Jeroen Knoef
Mar 2, 2015, 6:47:04 AM3/2/15
to lu...@googlegroups.com
You can use SessionRotate() and SessionInvalidate(). In the ACF documentation it says it only works on cfml sessions, don't know about Lucee (haven't used these functions yet). I wouldn't be surprised if Lucee doesn't care about which type of session it actually is.
The session implements the HttpSession interface:
I believe this goes for both cfml and j2ee sessions.
So in your case I'm not aware of any advantage of one type over the other. Personally, I view cfml sessions as legacy.
Op zondag 1 maart 2015 20:17:57 UTC+1 schreef Jonathan Brookins:
Op zondag 1 maart 2015 20:17:57 UTC+1 schreef Jonathan Brookins:
Jordan Michaels
Mar 2, 2015, 3:14:57 PM3/2/15
to lu...@googlegroups.com
I would say it doesn't matter in most cases. The idea of a session id is
just to assign a unique number to identify a particular session. Whether
you use J2EE unique numbers or some other unique set of numbers isn't a
big deal.
The only time I've ever *needed* to use J2EE sessions is with mod_jk
clustering, where the J2EE session id was used to identify unique
sessions for sticky sessions. That was a limitation/feature of mod_jk
clustering, but didn't functionally change the sessions within Railo/Lucee.
Warm Regards,
Jordan Michaels
> --
> You received this message because you are subscribed to the Google
> Groups "Lucee" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to lucee+un...@googlegroups.com
> <mailto:lucee+un...@googlegroups.com>.
> To post to this group, send email to lu...@googlegroups.com
> <mailto:lu...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/lucee/97507a9a-c1e7-496d-8c49-8b02652d8259%40googlegroups.com
> <https://groups.google.com/d/msgid/lucee/97507a9a-c1e7-496d-8c49-8b02652d8259%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
just to assign a unique number to identify a particular session. Whether
you use J2EE unique numbers or some other unique set of numbers isn't a
big deal.
The only time I've ever *needed* to use J2EE sessions is with mod_jk
clustering, where the J2EE session id was used to identify unique
sessions for sticky sessions. That was a limitation/feature of mod_jk
clustering, but didn't functionally change the sessions within Railo/Lucee.
Warm Regards,
Jordan Michaels
> You received this message because you are subscribed to the Google
> Groups "Lucee" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to lucee+un...@googlegroups.com
> <mailto:lucee+un...@googlegroups.com>.
> To post to this group, send email to lu...@googlegroups.com
> <mailto:lu...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/lucee/97507a9a-c1e7-496d-8c49-8b02652d8259%40googlegroups.com
> <https://groups.google.com/d/msgid/lucee/97507a9a-c1e7-496d-8c49-8b02652d8259%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
Geoff Parkhurst
Mar 2, 2015, 3:52:03 PM3/2/15
to lu...@googlegroups.com
On 2 March 2015 at 11:47, Jeroen Knoef <jer...@neoneo.nl> wrote:
> You can use SessionRotate() and SessionInvalidate(). In the ACF
> documentation it says it only works on cfml sessions, don't know about Lucee
> (haven't used these functions yet). I wouldn't be surprised if Lucee doesn't
> care about which type of session it actually is.
It doesn't seem to care; it'll generate both a JSESSIONID and a
> You can use SessionRotate() and SessionInvalidate(). In the ACF
> documentation it says it only works on cfml sessions, don't know about Lucee
> (haven't used these functions yet). I wouldn't be surprised if Lucee doesn't
> care about which type of session it actually is.
CFID/TOKEN if you use either of those functions:
https://bitbucket.org/lucee/lucee/issue/84/sessionrotate-creates-jsessionid
Joe Matte
Mar 4, 2015, 12:20:39 AM3/4/15
to lu...@googlegroups.com
One thing to consider is that J2EE sessions "expire" at the client side when closing the browser (not just the page's tab) due to J2EE being session cookie values, vs CFML sessions in the browser remain valid after a browser is closed and re-opened.
On the server, the session stays alive until timeout or specifically ended.
Read especially the comments in an old Ben Nadel post about this:
http://www.bennadel.com/blog/1131-ask-ben-ending-coldfusion-session-when-user-closes-browser.htm
It's an old post and it's possible things may have changed since.
On the server, the session stays alive until timeout or specifically ended.
Read especially the comments in an old Ben Nadel post about this:
http://www.bennadel.com/blog/1131-ask-ben-ending-coldfusion-session-when-user-closes-browser.htm
It's an old post and it's possible things may have changed since.
Michael Offner
Mar 4, 2015, 2:10:59 AM3/4/15
to lu...@googlegroups.com
Access to jee sessions is very limited for Lucee, simply because the interface the servlet specification provides is limited.
Am Sonntag, 1. März 2015 schrieb Jonathan Brookins :
Micha
Am Sonntag, 1. März 2015 schrieb Jonathan Brookins :
Given that we have a single Lucee server with no clustering should we use j2ee sessions? What are the advantages/disadvantages to using either? I'd like to be able to rotate/invalidate sessions, but without additional code this isn't possible with j2ee sessions, correct? If the server currently uses tomcat would it be better to stick with j2ee sessions?
--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/4bab22b6-35e9-491d-b551-57b02a179162%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages