Configuring and using session variables 355
Standard session variables
If you use ColdFusion session variables, the Session scope has four built-in, read-only variables
that your application can use. If you use J2EE session management, the Session scope has two
built-in variables. Generally, you use these variables in your ColdFusion pages only if your
application supports browsers that do not allow cookies. For more information on supporting
browsers that do not allow cookies, see “Using client and session variables without cookies”
on page 344. The following table describes the built-in session variables.
Note: ColdFusion lets you delete or change the values of the built-in session variables. As a general
rule, avoid doing so.
If you enable client variables and ColdFusion session management, ColdFusion uses the same
values for the Client and Session scope CFID, CFToken, and URLToken variables. ColdFusion gets
the values for these variables from the same source, the client’s CFID and CFTOKEN cookies.
If you use J2EE session management, the Session scope does not include the Session.CFID or
Session.CFToken variables, but does include the Session.URLToken and Session.SessionID
variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken
consists of the string jsessionid= followed by the J2EE session ID.
Getting a list of session variables
Use the StructKeyList function to get a list of session variables, as follows:
<!--- Read-only lock: the Session scope is only read, not changed. --->
<cflock timeout="20" scope="Session" type="ReadOnly">
    <cfoutput> #StructKeyList(Session)# </cfoutput>
</cflock>
Caution: Always put code that accesses session variables inside cflock tags.
Variable            Description

Session.CFID        ColdFusion session management only: the client ID, normally stored on the
                    client system as a cookie.

Session.CFToken     ColdFusion session management only: the client security token, normally
                    stored on the client system as a cookie.

Session.URLToken    ColdFusion session management: A combination of the CFID and CFToken
                    values in the form CFID=IDNum&CFTOKEN=tokenNum. Use this variable if the
                    client does not support cookies and you must pass the CFID and CFToken
                    variables from page to page.
                    J2EE session management: A combination of the CFID and CFToken cookies
                    and the J2EE session ID, in the form
                    CFID=IDNum&CFTOKEN=tokenNum&jsessionid=SessionID.

Session.SessionID   A unique identifier for the session.
                    ColdFusion session management: a combination of the application name
                    and CFID and CFToken values.
                    J2EE session management: the jsessionid value.
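
The following added example (not part of the original guide) combines the points above: it copies the built-in values out of the Session scope under one short read-only lock, lists only the application-defined session variables, and passes Session.URLToken on a link for a client without cookies. The page name checkout.cfm and the local variable names are hypothetical.

```cfml
<!--- Added example: checkout.cfm and the local variable names are hypothetical. --->

<!--- Copy what the page needs out of the Session scope under one short read-only lock. --->
<cflock timeout="20" scope="Session" type="ReadOnly">
    <cfset urlToken = Session.URLToken>
    <cfset sessionID = Session.SessionID>

    <!--- Session.CFID exists only with ColdFusion session management, not with J2EE. --->
    <cfset usesCFSessions = StructKeyExists(Session, "CFID")>

    <!--- Build a list of application-defined variables, leaving out the built-in ones. --->
    <cfset appKeys = "">
    <cfloop list="#StructKeyList(Session)#" index="key">
        <cfif NOT ListFindNoCase("CFID,CFToken,URLToken,SessionID", key)>
            <cfset appKeys = ListAppend(appKeys, key)>
        </cfif>
    </cfloop>
</cflock>

<!--- Work with the local copies outside the lock so the lock is held briefly. --->
<!--- URLToken is already in name=value form, so it is appended as the query string. --->
<cfset nextPage = "checkout.cfm?" & urlToken>

<cfoutput>
<p>Session management in use: <cfif usesCFSessions>ColdFusion<cfelse>J2EE</cfif></p>
<p>Application session variables: #HTMLEditFormat(appKeys)#</p>
<!--- HTMLEditFormat escapes the & separators so the attribute value is valid HTML. --->
<a href="#HTMLEditFormat(nextPage)#">Continue</a>
</cfoutput>
```

Because the value in the link identifies the session, append it only to links that stay inside the application.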