views:

66

answers:

4

Is there a way in Coldfusion to selectively enable a user session? I don't need to track all users that visit my site, only users who have logged in. Is there a way to activate the user session, only after a login process?

(I have a feeling the answer is no, but I thought I'd ask as some of you may have more experience with user sessions.)

+3  A: 

If you enable sessions, you'll get them for every user. Nothing says you need to use session variables, however. Only the most basic data (session token, for instance) will be created.

Al Everett
+1  A: 

You may, add a Application.cfc in /member, and turn on session management there.

Then for pages that required session, put the under /memeber.

Henry
Henry, that's a pretty good workaround and will probably be the solution I use. However, it seems that there is no way to selectively enable sessions for logged in users for the entire public site. (without pulling pages for the logged in users from a different directory as you mentioned)
Dan Sorensen
A: 

Why is it that you don't want to track non-logged-in users? Just don't need to? Save Memory? etc.

Like Al said, by default session is pretty light. You can setup your business logic to only track things like preferences or a shopping cart in session once they're logged in - they'll just be undefined or empty strings if they're not logged in.

jonah
How do I show a shopping cart count in the upper corner of the screen if I don't have sessions enabled? I need the session vars enabled to track if the user is logged in, don't I?That is a good point though - there are ways to rethink the problem so that I avoid the session. However, the user friendly way would be to have those session vars available to display the user specific data.
Dan Sorensen
+1  A: 

One workaround is to just quickly discard the sessions of those who aren't logged in. This doesn't reduce the overhead of creating new sessions if that's heavy in your app, but it does save memory over time. I'm doing this in a few big apps to not keep sessions around for spiders and the like. You could use a variation of this to quickly expire non-logged in visitors.

Near the top of your Application.cfc:

<!--- save memory by expiring non-user sessions quickly --->
<cfif structKeyExists(cookie, "CFID")>
    <!--- 7 days for normal users --->
    <cfset THIS.sessionTimeOut = CreateTimeSpan(7, 0, 0, 0) />
<cfelse>
    <!--- 30 sec short session for agents like bots that do not accept cookies --->
    <cfset THIS.sessionTimeOut = CreateTimeSpan(0, 0, 0, 30) />
</cfif>

I don't remember who I got this idea from, so can't credit it correctly.

jonah
Very creative solution! :-) I'll do some testing. This may help me out. I'm getting hit by a number of spiders at certain times of the day. This could help.
Dan Sorensen