I cannot force my session to save itself with J2EE enabled, and the browser cookie is disabled using SESSION.URLToken to add session information to the link.
I need a very specific solution for these exact criteria due to the following limitations:
- We have more than 2500 templates and we try not to add
URLSessionFormat()to each link. - We already have an internal variable that we include in each link (
link.cfm?#OurVariable#), which is set from one input validation template. We would like to reuse this variable to insert SESSION.URLTokenwhen necessary. - We would rather use J2EE. This code already works great with CF Session Management.
- 1/3 of our users do not allow cookies, and we cannot force them. They are in a very closed environment with older browsers.
Now, the test case .....
Application.cfc:
<cfcomponent>
<cfset this.name = "test" />
<cfset this.sessionManagement = true>
<cfset this.sessionTimeout = createTimeSpan(2,0,0,0)>
</cfcomponent>
Index.cfm:
<CFOUTPUT>
<CFSET SESSION.Testme = 123 />
<a href="#URLSessionFormat("index2.cfm?somevar=test")#">link 1</a>
or this
<a href="index2.cfm?#session.urltoken#&somevar=test">link 2</a>
</CFOUTPUT>
Index2.cfm:
<CFDUMP VAR="#SESSION#">
With browser cookies turned off and J2EE session variables turned on, link 1 will display the TestMe key in cfdump. "link 2" will not be.
With browser cookies disabled and J2EE session variables disabled (the default for ColdFusion CFID / CFToken Session management), both links display the TestMe key as expected.
Please review my 4 parts of the criteria above, suggesting solutions as to why CF Session Management is working as expected, while J2EE does not.
Thanks for the understanding you can provide!