Client State Management using Cold Fusion

1
Client State Management using Cold Fusion

• Adding State Management to a Stateless
  Environment the Internet

2
State Management

• When you login to a server it remembers the
  connection
• NT, NetWare, UNIX Login, etc
• Once logged in, all of the servers services that
  you are authorized to use are constantly
  available until you terminate your session
• Printers
• File systems
• Proxy

3
State Management

• An HTML server has no state management
• Every request by a web server is viewed as a
  unique request
• Traditional web programmers options for state
  management
• URL parameters
• Hidden form fields
• Cookies

4
State Management

• Cold Fusions alternative to state management
• Application Variables
• Session variables
• Client variables
• Server Variables
• Variables are persistent so they can be easily
  called be all templates in an application
• Variable default lifespan is set on the CF Server
• Programmer can modify the lifespan of the
  variables in the ltCFAPPLICATIONgt tag
• Variables are (usually) set once and read many
  times

5
Web Applications

• An application
• A collection of web templates that all work
  together to do some sort of work
• Templates are grouped under a hierarchal
  directory structure
• Application.cfm
• Used by all CF templates of the application
• Common file prepended to all .cfm templates
• Implied ltCFINCLUDEgt
• Directory structure of the application determines
  which Application.cfm file gets loaded
• Best to use one Application.cfm template for your
  entire application

6
Application.cfm Location

• Set up the directory structure for your
  application
• All CF templates search through the directory
  structure until the Application.cfm file is
  either found or the web servers root directory
  has been searched.
• In this example the Admin directory does not have
  an Application.cfm template so the server
  searches the Your_App directory for the
  Application.cfm template.

7
Application.cfm Location

• In this example the Product directory does have
  an Application.cfm template so the
  Application.cfm template in this directory is
  used by product.cfm and product1.cfm.

8
Application.cfm Location

• The best place to put your Application.cfm
  template is in the root directory of your
  application. In this case our application is
  called Your_App and an Application.cfm template
  is located there.
• If using a UNIX server the file must be named
  Application.cfm

9
Server Variables

• Are available to all CF templates on the server
• Set when accessed by the first user for the first
  time
• CF creates a few of these variables to display
  information about the CF server and the OS it is
  installed on
• Search on line help for ColdFusion Version
  Information to see the list of variables

10
Application Variables

• Shared by all users of the Application
• Stored in the CF Servers memory
• Lost on CF Server reboot
• Unique to each user
• Set every time Application.cfm get read
• Variables are available to all of the web pages
  in The Application
• I.E. Application.DSN identifies the DataSource
  name to be used by the application

11
Session Variables

• A session is spawned when a user logs into an
  Application on a web site
• Session variables
• Stored in the CF Servers memory
• Lost on CF Server reboot
• Unique to each user
• Set after a successful login
• Variables are available to all of the web pages
  in The Application
• I.E. Session.UserID uniquely identifies the
  Users ID

12
Client Variables

• Client variable
• Persistent over a CF Server reboot
• Unique to the user
• Set after a successful login
• Variables are available to all of the web pages
  in The Application
• I.E. Client.UserID uniquely identifies the
  Users ID
• Client Variables are stored
• As cookies
• In the system registry
• In a CF datasource (Database table)

13
Client Variable Storage Methods

• Cookies
• Cookies must be enabled on the browser
• 20 cookie limit from any one web server
• CF requires 2 for state management (CFID
  CFTOKEN)
• Client management uses CFGLOBALS for HitCount,
  TimeCreated, LastVisit
• Limit of 4KB per cookie
• Database storage
• Need to create a table in a database
• Need to create a datasource on the CF server
• Registry storage
• Default method for storing Client variables

14
State Management Cookies

• Two Cookies, CFID and CFTOKEN, are used to assist
  the server in keeping track of the session
• Defined by the server and sent to the browser
  when the Sate management begins
• Unless SetClientCookies is set to NO in the
  ltCFAPPLICATIONgt tag
• Cookie.CFID, Cookie.CFTOKEN (used by Session and
  Client management)
• Cookie.CFGLOBALS (if Client variables are being
  used)
• Unique for each user, each session, and each
  client
• Read only cookies

15
Enabling State Management

• Use the ltCFAPPLICATIONgt tag inside the
  Application.cfm file
• ltCFAPPLICATION
• Name Name
• ClientManagement Yes / No
• ClientStorage Storage Type
• SetClientCookies Yes / No
• SessionManagement Yes / No
• SessionTimeOut CreateTimeSpan(days, hours,
  minutes, seconds)
• ApplicationTimeout CreateTimeSpan(days,
  hours, minutes, seconds)
• SetDomainCookies Yes / Nogt

16
ltCFAPPLICATIONgt Tag

• Name
• The name of your application
• Required for Session and Application variables,
  optional for Client variables
• ClientManagement
• Set to YES to enable Client variables
• Default is NO
• ClientStorage
• How do you want your application to store the
  client variables
• Not used if ClientManagement is set to NO
• Default method for storing Client variables is
  system registry

17
ltCFAPPLICATIONgt Tag

• SetClientCookies
• Default is YES
• If set to NO then you must code the CFID and
  CFTOKEN on every template in the application
• LEAVE IT SET TO YES!!!
• SessionManagement
• Set to YES to enable Session variables
• Default is NO
• SessionTimeout
• Sets length of time that Session variables exist
• Default timeout period is set on the CF server
• Use the CreateTimeSpan function

18
ltCFAPPLICATIONgt Tag

• ApplicationTimeout
• Sets length of time that Application variables
  exist
• Default timeout period is set on the CF server
• Use the CreateTimeSpan function
• SetDomainCookies
• Sets the CFID and CFTOKEN cookies for an entire
  domain
• Must be set to YES if clustering CF servers
• Default is NO

19
Creating Application Variables

• Set inside the Application.cfm template.
• You define the Application.Variable name
• Uses the ltCFSETgt tag
• ltCFSET Application.DSN Your_Data_Source_Name
  gt
• ltCFSET Application.Your_Var_Name Your
  variablegt
• ltCFSET Application .AppTitle Your
  Application Namegt

20
Creating Application Variables

• Application variables can be called from any
  template in the application
• Must be enclosed in ltCFOUTPUTgt tags or other tags
  that imply the ltCFOUTPUTgt tag
• ltCFOUTPUTgtMy Application title is
  Application.AppTitlelt/CFOUTPUTgt
• ltCFQUERY Name Example DataSource
  Application.DSN SELECT Stuff
• FROM Your_Table
• lt/CFQUERYgt

21
Creating Client Session Variables

• The user must login to the application somehow
• Create a Login.cfm file
• Create a form that calls Validate.cfm
• Create a Username input box
• Create a Password input box
• Create a Submit button
• Create a Validate.cfm file
• Run a query that checks to see if the username /
  password combination is valid
• Use the ltCFSETgt tag to create Session and / or
  Client variables
• Protect the creation of the variables to enforce
  uniqueness

22
Creating Client Session Variables

• Use the ltCFLOCKgt tag to protect the creation of
  the variables
• ltCFLOCKgt ensures single threaded access to the
  code
• Encapsulate the ltCFSETgt tags used for setting the
  variables inside the ltCFLOCKgt tag
• Ensures each Client or Session variable value is
  unique

23
ltCFLOCKgt Tag

• ltCFLOCK
• TimeOut Time out in seconds
• Scope Application / Server / Session
• Name The name of the lock
• ThrowOnTimeOut Yes / No
• Type ReadOnly / Exclusivegt
• TimeOut
• Required
• Specifies the maximum amount of time in seconds
  to wait to obtain an lock
• If a lock is granted execution continues, if not
  an error is generated
• Error handling is determined by the
  ThrowOnTimeOut parameter

24
ltCFLOCKgt Tag

• Scope
• Locks either the Server, the Application, or the
  Session
• Name
• Optional
• The name of your lock
• Named locks are shared between applications and
  user sessions, but not across clustered servers.
• Name is mutually exclusive with the Scope
  attribute. Do not specify the Scope attribute and
  the Name attribute in the same tag.

25
ltCFLOCKgt Tag

• ThrowOnTimeOut
• Optional
• If YES an Exception is created if a lock is not
  granted (default)
• ltCFTHROWgt
• ltCFCATCHgt
• If NO, execution just continues on past the
  ltCFLOCKgt tag
• Type
• ReadOnly - allows more than one request to read
  shared data
• Exclusive - allows only one request to read or to
  write shared data
• Usage causes performance hits (single threaded
  execution)
• Use only where necessary

26
Setting Session Variables

• Code inside the Validate.cfm template
• ltCFQUERY Name Vuser DataSource
  Application.DSNgt
• SELECT FROM Users
• WHERE Username Form.Username AND
  Password Form.Password
• lt/CFQUERYgt
• ltCFIF VUser.RecordCount EQ 1gt
• ltCFLOCK TimeOut 10 Scope Session Type
  Exclusivegt
• ltCFSET Session.LoggedIn TRUEgt
• ltCFSET Session.User VUser.FName
  VUser.LNamegt
• ltCFSET Session.UserID VUser.UserIDgt
• ltCFSET Session.AppIDs gt
• lt/CFLOCKgt
• lt/CFIFgt

27
Setting Client Variables

• Code inside the Validate.cfm template
• ltCFQUERY Name Vuser Datasource
  Application.DSNgt
• SELECT FROM Users
• WHERE Username Form.Username AND
  Password Form.Password
• lt/CFQUERYgt
• ltCFIF VUser.RecordCount GT 0gt
• ltCFLOCK TimeOut 10 Name ClientLock Type
  Exclusivegt
• ltCFSET Client.LoggedIn TRUEgt
• ltCFSET Client.User VUser.FName
  VUser.LNamegt
• ltCFSET Client.UserID VUser.UserIDgt
• ltCFSET Client.AppIDs gt
• lt/CFLOCKgt
• lt/CFIFgt

28
Using The Variables

• Change the function of a hyperlink on a template
  
• ltCFIF IsDefined(Session.LoggedIn)gt
• ltA HREF Logout.cfmgt
• ltfont color WhitegtltBgtLogoutlt/Bgtlt/FONTgt
• lt/Agt
• ltCFELSEgt
• ltA HREF Login.cfmgtltfont color
  WhitegtltBgtLoginlt/Bgtlt/FONTgtlt/Agt
• lt/CFIFgt

29
Using The Variables

• Change the text on a title bar
• ltCFIF IsDefined(Session.LoggedIn)gt
• Welcome ltCFOUTPUTgtSession.Userlt/CFOUTPUTgt to
• KomputerMan's Sample Site
• ltCFELSEgt
• KomputerMan's State Management Sample
  Application
• lt/CFIFgt

30
Using The Variables

• Pass variables to a query (This code is inside
  Validate.cfm)
• ltCFQUERY Name GetAuthorizedApps Datasource
  Application.DSNgt
• SELECT DISTINCT AppID
• FROM Apps
• WHERE UserID Session.UserID
• lt/CFQUERYgt
• Set a list of authorizations
• ltCFLOCK Scope session Timeout 10 Type
  Exclusivegt
• ltCFLOOP Query GetAuthorizedAppsgt
• ltCFSET Session.AppIDs ListAppend(Session.AppIDs
  , AppID)gt
• lt/CFLOOPgt
• lt/CFLOCKgt

31
Using The Variables

• Enforce security
• If a user does not have permissions to view a
  page send them to the index.cfm template
• Add to the top of the template needing security
• Admin.cfm
• Users.cfm
• Record.cfm
• lt!--- If the user is logged in and has rights to
  view this page let them ---gt
• ltCFIF IsDefined(Session.LoggedIn) AND
  ListFind(Session.AppIDs, 2)gt
• Do Stuff
• ltCFELSEgt
• ltCFLOCATION URL index.cfm AddToken Nogt
• lt/CFIFgt

32
Listing Session / Application Variables

• Application and Session variables are registered
  as CF Structures
• Use the StructFind function
• CFID and CFTOKEN are not returned by this command
• ltCFLOOP Collection Application Item
  Keygt
• ltCFOUTPUTgt
• Application.key StructFind(Application,Key)
  
• lt/CFOUTPUTgt
• lt/CFLOOPgt
• ltCFLOOP Collection Session Item Keygt
• ltCFOUTPUTgtSession.key StructFind(Session,Ke
  y)ltBRgtlt/CFOUTPUTgt
• lt/CFLOOPgt

33
Listing Client Variables

• Use the GetClientList function to retrieve the
  Client variables
• CFID, CFTOKEN, and CFGLOBALS are not returned by
  this command
• ltCFOUTPUTgt GetClientVariablesList()
  lt/CFOUTPUTgt

34
Terminating the Session

• Placing this code inside your Application.cfm
  template will force the application to close when
  the browser is closed
• The state management cookies are rewrote to the
  client without an expiration time so they get
  deleted when the browser gets closed
• lt!--- causes the Cookies to expire after the
  browser closes ---gt
• ltCFIF IsDefined(Cookie.CFID) AND
  IsDefined(Cookie.CFToken)gt
• ltCFCOOKIE Name CFID Value
  Cookie.CFIDgt
• ltCFCOOKIE Name CFToken Value
  Cookie.CFTokengt
• lt/CFIFgt

35
Terminating the Session

• Placing this code inside Logout.cfm template will
  destroy all of the Session variables
• Lock your Session
• Loop through all of the Session variables
  deleting those that you can
• ltCFLOCK Scope session Timeout 10 Type
  Exclusivegt
• ltCFLOOP Collection Session Item Keygt
• ltCFIF NOT ListFindNoCase(CFID,CFToken,SessionID,
  URLToken, Key)gt
• ltCFSET StructDelete(Session, Key)gt
• lt/CFIFgt
• lt/CFLOOPgt
• lt/CFLOCKgt

36
Sample Application

• This sample application can be found on the
  session CD
• Download from www.KomputerMan.com/CF_Lab/Sample_Ap
  p_1.zip

37
Summary

• CF allows the programmer to manage state through
  a combination of variables and cookies
• Variables are set once and read many times as
  needed
• Directory structure for your application is
  important
• Use Application.cfm

38
Appendix Tags Discussed

• ltCFINCLUDEgt
• ltCFAPPLICATIONgt
• ltCFSETgt
• ltCFOUTPUTgt
• ltCFQUERYgt
• ltCFLOCKgt
• ltCFIFgt
• lt CFLOOP gt
• lt CFLOCATIONgt
• ltCFCOOKIEgt

39
Appendix CF Functions Discussed

• CreateTimeSpan
• IsDefined
• StructFind
• Collection
• GetClientVariablesList
• ListFindNoCase
• StructDelete