Adobe ColdFusion 8

Standard session variables

If you use ColdFusion session variables, the Session scope has four built-in, read-only variables that your application can use. If you use J2EE session management, the Session scope has two built-in variables. Generally, you use these variables in your ColdFusion pages only if your application supports browsers that do not allow cookies. For more information on supporting browsers that do not allow cookies, see Using client and session variables without cookies. The following table describes the built-in session variables.

Variable

Description

Session.CFID

ColdFusion session management only: the client ID, normally stored on the client system as a cookie.

Session.CFToken

ColdFusion session management only: the client security token, normally stored on the client system as a cookie.

Session.URLToken

ColdFusion session management: A combination of the CFID and CFToken values in the form CFID=IDNum&CFTOKEN=tokenNum. Use this variable if the client does not support cookies and you must pass the CFID and CFToken variables from page to page.

J2EE session management: A combination of the CFID and CFToken cookies and the J2EE session ID, in the form CFID=IDNum&CFTOKEN=tokenNum&jsessionid=SessionID.

Session.SessionID

A unique identifier for the session.

ColdFusion session management: a combination of the application name and CFID and CFToken values.

J2EE session management: the jsessionid value.

Note: ColdFusion lets you delete or change the values of the built-in session variables. As a general rule, avoid doing so.

If you enable client variables and ColdFusion session management, ColdFusion uses the same values for the Client and Session scope CFID, CFToken, and URLtoken variables. ColdFusion gets the values for these variables from the same source, the client's CFID and CFTOKEN cookies.

If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.