9 of 14

2. Session and Application Variables (Server category, Variables page): You may wish to disable session and application variables, so that if you accidentally write them into your application, you'll receive an error rather than allowing the application to function. Since session and application variables are not centrally stored, if you should accidentally use session and application variables, your application will function on the cluster but with undesirable results. Disallowing session and application variables adds another level of protection.

STEP 3: Application Design Conversion
This will probably be the most challenging step. Since I can't be there to help you with your code, I can't provide screenshots and other helpful tools to aid you in the design or conversion of your application to use client variables. However, there are some basic bits of code that you'll need to use, starting with the CFAPPLICATION tag.

The CFAPPLICATION Tag
This is an important setting. In every Application.cfm in your application (if you are using Fusebox, chances are this setting will exist in your "app_Globals.cfm" file), you should have a CFAPPLICATION tag. You need to make sure that you have enabled client variables for your application, and turned off the ability to use session variables in each instance of the tag. A sample CFAPPLICATION tag, using our database created above as an example, would look like this:

<CFAPPLICATION
NAME="YourAppName"
CLIENTMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
CLIENTSTORAGE= "CVR">

Make sure you specify a separate name for each application running on your cluster - the CVR database uses that name to keep client variables unique, should you choose to store all client variables for all applications in one database (i.e., using the Default Client Variable Storage location in the ColdFusion Administrator).

It remains a matter of choice whether or not you will enable "SETCLIENTCOOKIES" - the use of cookies makes coding easier because you don't need to pass CFID and CFTOKEN in the URL throughout your application. Passing CFID and CFTOKEN in the URL presents a couple of issues:

  • You could get a potential problem with a user trying to "jump sessions" by hacking different numbers into the CFID/CFTOKEN variables.
  • CFID and CFTOKEN can cause problems when someone wishes to bookmark a page in your application.

    9 of 14