If you use ColdFusion session variables, the Session scope has four built-in, read-only variables that your application can use. If you use J2EE session management, the Session scope has two built-in variables. Generally, you use these variables in your ColdFusion pages only if your application supports browsers that do not allow cookies. For more information on supporting browsers that do not allow cookies, see Using client and session variables without cookies. The following table describes the built-in session variables.
Variable |
Description |
---|---|
Session.CFID |
ColdFusion session management only: the client ID, normally stored on the client system as a cookie. |
Session.CFToken |
ColdFusion session management only: the client security token, normally stored on the client system as a cookie. |
Session.URLToken |
ColdFusion session management: A combination of the CFID and CFToken values in the form CFID= J2EE session management: A combination of the CFID and CFToken cookies and the J2EE session ID, in the form CFID= |
Session.SessionID |
A unique identifier for the session. ColdFusion session management: a combination of the application name and CFID and CFToken values. J2EE session management: the jsessionid value. |
If you enable client variables and ColdFusion session management, ColdFusion uses the same values for the Client and Session scope CFID, CFToken, and URLtoken variables. ColdFusion gets the values for these variables from the same source, the client's CFID and CFTOKEN cookies.
If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.