Given that we have a single Lucee server with no clustering should we use
j2ee sessions? What are the advantages/disadvantages to using either? I’d
like to be able to rotate/invalidate sessions, but without additional code
this isn’t possible with j2ee sessions, correct? If the server currently
uses tomcat would it be better to stick with j2ee sessions?
You can use SessionRotate() and SessionInvalidate(). In the ACF
documentation it says it only works on cfml sessions, don’t know about
Lucee (haven’t used these functions yet). I wouldn’t be surprised if Lucee
doesn’t care about which type of session it actually is.
The session implements the HttpSession interface:
http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpSession.html
I believe this goes for both cfml and j2ee sessions.
So in your case I’m not aware of any advantage of one type over the other.
Personally, I view cfml sessions as legacy.Op zondag 1 maart 2015 20:17:57 UTC+1 schreef Jonathan Brookins:
Given that we have a single Lucee server with no clustering should we use
j2ee sessions? What are the advantages/disadvantages to using either? I’d
like to be able to rotate/invalidate sessions, but without additional code
this isn’t possible with j2ee sessions, correct? If the server currently
uses tomcat would it be better to stick with j2ee sessions?
Access to jee sessions is very limited for Lucee, simply because the
interface the servlet specification provides is limited.
MichaAm Sonntag, 1. März 2015 schrieb Jonathan Brookins :
Given that we have a single Lucee server with no clustering should we use
j2ee sessions? What are the advantages/disadvantages to using either? I’d
like to be able to rotate/invalidate sessions, but without additional code
this isn’t possible with j2ee sessions, correct? If the server currently
uses tomcat would it be better to stick with j2ee sessions?–
You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee%2Bunsubscribe@googlegroups.com’);>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee@googlegroups.com’);>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/4bab22b6-35e9-491d-b551-57b02a179162%40googlegroups.com
https://groups.google.com/d/msgid/lucee/4bab22b6-35e9-491d-b551-57b02a179162%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
One thing to consider is that J2EE sessions “expire” at the client side
when closing the browser (not just the page’s tab) due to J2EE being
session cookie values, vs CFML sessions in the browser remain valid after a
browser is closed and re-opened.
On the server, the session stays alive until timeout or specifically ended.
Read especially the comments in an old Ben Nadel post about this:
It’s an old post and it’s possible things may have changed since.