Required variables in session scope

I have been tossing various user settings in session scope for years. I now need the ability to hot swap between logins and am wondering if there is a list of internal session scope variables in Lucee I need to maintain a session? My current list:

"sessionid", "urltoken", "cfid", "timecreated", "cftoken", "lastvisit"

For reference (maybe session scope is a bad place for this storage?) I store things like:
timezone,
unit system,
etc…

Yer kinda thinking about this the wrong way around. The session scope doesn’t really affect the session; it’s the “result” of having a session, if that makes sense.

It’s the cfid and cftoken cookies that you need to send with a request for that request to be considered part of that session. In turn, that session’s session scope values are exposed to the request.

This is with Session Type “application”, anyhow. With “JEE” sessions, I imagine it’s the jsessionid cookie you need instead.

I did a search in the Lucee docs for the relevant stuff on this, but drew a blank. What I say above is how it’s done (and documented) on CF, and I can vouch from experience that all one needs to associate a request to a session with “Application” sessions is the cfid and cftoken on Lucee.

What do you mean exactly by “hot swap” logins? Log out and log in with another user account?

When this product was originally designed, one login would log you into one company's site. Now we have regional managers and dealers who need to jump from one company site to another and have their settings move to the new site's settings. For a company site login I used the session scope to store timezone and unit system, etc. Old way they would log out, and I would end the session (sessionInvalidate()) and when they logged in I would reload all the variables into a new session scope. Now I need to keep them logged in on the same session but switch out all these site variables. I can't simply overwrite all these settings because some don't exist from site to site.
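
One way to handle the site switch described above, as an added example that is not part of the thread: keep every per-site value under a single `session.site` struct and replace that struct whole, so a setting that does not exist on the new site cannot carry over from the old one. The function names, the `allowedSiteIds` argument and the sample setting keys are hypothetical.

```cfml
<cfscript>
// Added example, not code from the thread. All names here are hypothetical.

// Swap the per-site settings while keeping the same session (same cfid/cftoken).
function switchSite(
    required string siteId,
    required struct siteSettings,
    required array allowedSiteIds
) {
    // Check server-side that this login is permitted on the target site
    // before any of its settings are loaded into the session.
    if (!arrayFindNoCase(arguments.allowedSiteIds, arguments.siteId)) {
        throw(
            type = "SiteSwitch.NotAllowed",
            message = "This login may not switch to site #arguments.siteId#"
        );
    }

    // Build the replacement first, then assign it in one step under a lock,
    // so no request sees a mix of old-site and new-site values.
    var newSite = {
        id: arguments.siteId,
        settings: duplicate(arguments.siteSettings)
    };
    lock scope="session" type="exclusive" timeout="5" {
        session.site = newSite;
    }
}

// Read a per-site setting, falling back to a default when the
// current site does not define it.
function siteSetting(required string key, any defaultValue = "") {
    if (structKeyExists(session, "site")
        && structKeyExists(session.site.settings, arguments.key)) {
        return session.site.settings[arguments.key];
    }
    return arguments.defaultValue;
}

// Constructed sample data: site B has no unitSystem setting.
switchSite("siteA", { timezone: "America/Chicago", unitSystem: "imperial" }, ["siteA", "siteB"]);
switchSite("siteB", { timezone: "Europe/Berlin" }, ["siteA", "siteB"]);

writeOutput(siteSetting("timezone"));             // Europe/Berlin
writeOutput(siteSetting("unitSystem", "metric")); // metric, not siteA's "imperial"
</cfscript>
```

Because nothing outside `session.site` is touched, the login state and Lucee's own session keys stay as they were.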