Thursday, May 22, 2008

ListingWare Session Management

I've pretty much completed a pretty major undertaking with regard to Session Management in LW. A "Session" is the technical term for an end user's visit to your ListingWare service. Now, this post is going to get WAY geeky - read on, if you dare!

Here are the details:

WAY BACK with LW, I had made the decision that I didn't want to require that users enable cookies in order to use the system. Many sites do require it - some as big as Amazon.com and the like. I wanted the lowest common denominator to be if a user just decided to turn off ALL cookies or may have the oldest version of a browser, regardless of Internet Explorer, Firefox, Opera, Safari...whatever.

The version of ColdFusion that we started with was CF5, which was still a C++ DLL on IIS4, I think. The best that it could do then was the CFID/CFToken pairing, which by default was set to a persistent cookie, meaning it did hang around after a user's session, and was forced into the browser's cache. Not so good. I had long ago used a CF technique of making the cookie non-persistent, just for the scope of the session, but it still wasn't ideal. Part of the technique for this method was doing a test of the browser to see if it would accept cookies. If it did, one was passed for CFID/CFToken; if not, I had to code so that it was programmatically appended to every URL or Form so the session could persist.

Because it's been YEARS since I revamped for the CFID/CFToken method, everything we have access to is more modern: CF8 is now Java-based and able to take advantage of some underlying Java systems and techniques; IIS6 has memory partitioning and isolation; browsers are more secure by default - both a good and bad thing. So, it would seem, the problem we've been having with Session Management was bound to happen at some point.

With CF8, the optimal method of Session Management is to use the J2EE (Java) system. Instead of CFID/CFToken, the variable JSessionID is now introduced when needed. I've recoded the URLs and Forms to automagically include the JSessionID variable. J2EE variables are properly done for the user's session only, rather than being persistent like the old CF5 variable was. For the method I've used, a browser that accepts cookies will see:

http://www.bobhendren.com/search/index.cfm?City=Atlanta&MinPrice=100000

A browser that doesn't accept cookies will have the following format:

http://www.bobhendren.com/search/index.cfm;jsessionid=X9X9X9?City=Atlanta&MinPrice=100000 (the JSessionID is actually a much longer pseudo-random alphanumeric string)

Notice that now it has inserted a semi-colon and the JSessionID variable BEFORE the question mark. This will make sure that the session is handled first and separate from the query variables after the question mark.
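The URL format described above, as an added Python sketch (not ListingWare's ColdFusion code). The function names, the `own_host` parameter and the session ID alphabet are assumptions made for illustration; it goes slightly beyond the post by leaving off-site links untouched, so the ID is never handed to another site, and by showing how to take the ID back out of a URL before it is logged.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Matches an existing ";jsessionid=..." path parameter (ends at ; / ? or #).
_JSESSIONID = re.compile(r";jsessionid=[^;/?#]*", re.IGNORECASE)
# Assumed ID alphabet; the real container decides what an ID looks like.
_VALID_ID = re.compile(r"[A-Za-z0-9._-]+")


def add_jsessionid(url, session_id, cookies_accepted, own_host):
    """Return url carrying the session ID the way the post describes."""
    if cookies_accepted:
        return url  # the session cookie carries the ID, the URL stays clean
    if not _VALID_ID.fullmatch(session_id):
        raise ValueError("unexpected characters in session ID")
    parts = urlsplit(url)
    # Relative links have no hostname; absolute links must point at our own
    # site, otherwise the ID would be handed to a third party.
    if parts.hostname not in (None, own_host):
        return url
    # Drop any stale ID, then place the new one at the end of the path,
    # which puts it BEFORE the '?' and any '#fragment'.
    path = _JSESSIONID.sub("", parts.path) + ";jsessionid=" + session_id
    return urlunsplit((parts.scheme, parts.netloc, path,
                       parts.query, parts.fragment))


def strip_jsessionid(url):
    """Return (url_without_id, session_id_or_None), e.g. before logging."""
    parts = urlsplit(url)
    match = _JSESSIONID.search(parts.path)
    session_id = match.group(0).split("=", 1)[1] if match else None
    path = _JSESSIONID.sub("", parts.path)
    clean = urlunsplit((parts.scheme, parts.netloc, path,
                        parts.query, parts.fragment))
    return clean, session_id


if __name__ == "__main__":
    # Sample URL taken from the post; the ID is the post's short placeholder.
    base = "http://www.bobhendren.com/search/index.cfm?City=Atlanta&MinPrice=100000"
    rewritten = add_jsessionid(base, "X9X9X9", False, "www.bobhendren.com")
    print(rewritten)
    print(strip_jsessionid(rewritten))
```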

I've done some pretty extensive testing so far, but I'm sure there are places that still aren't fixed, so if you find one, email us at support@listingware.com. If a page seems to be losing its session, I may have missed the link for that page or a form variable somewhere.

I've tested in IE, Opera and FF so far with cookies on and off. Seems to be working well!
