What are the best practices for managing session variables in a clustered environment? @Simon_Goldschmidt suggested this method to perform an exclusive session lock across a cluster:
<cftransaction action="begin" isolation="serializable">
<cfquery name="sessionlock" datasource="cfsessions">
select cfid from cf_session_data where cfid=<cfqueryparam value="#cfid#"> for update
</cfquery>
....
</cftransaction>
But could this prevent Lucee from loading a session into memory on a request? Would you also need to perform some sort of read lock on session? If so, how?
Also, tomcat servlets, like the websocket extension, pass references to the user’s session scope as arguments, and therefore you cannot call lock scope="session"
and you cannot run if (session.myvar == "foo")
. You need to get your session variables directly out of the sessionScope argument.
I’m thinking that whatever code is used for session management should accept a session scope as an argument (defaulting to the “session” scope). Here’s my proposed API:
public any function getSessionVar(required string varName, struct sessionScope=session) {}
public any function setSessionVar(required string varName, required any value, struct sessionScope=session) {}
public boolean function deleteSessionVar(required string varName, struct sessionScope=session) {}
public boolean function sessionVarDefined(required string varName, struct sessionScope=session) {}