Is there a way to selectively enable a session in Coldfusion?

Question

Is there a way in Coldfusion to selectively enable a user session? I don't need to track all users that visit my site, only users who have logged in. Is there a way to activate the user session, only after a login process?

(I have a feeling the answer is no, but I thought I'd ask as some of you may have more experience with user sessions.)

Answer 1

One workaround is to just quickly discard the sessions of those who aren't logged in. This doesn't reduce the overhead of creating new sessions if that's heavy in your app, but it does save memory over time. I'm doing this in a few big apps to not keep sessions around for spiders and the like. You could use a variation of this to quickly expire non-logged in visitors.

Near the top of your Application.cfc:

<!--- save memory by expiring non-user sessions quickly --->
<cfif structKeyExists(cookie, "CFID")>
    <!--- 7 days for normal users --->
    <cfset THIS.sessionTimeOut = CreateTimeSpan(7, 0, 0, 0) />
<cfelse>
    <!--- 30 sec short session for agents like bots that do not accept cookies --->
    <cfset THIS.sessionTimeOut = CreateTimeSpan(0, 0, 0, 30) />
</cfif>

I don't remember who I got this idea from, so can't credit it correctly.

Answer 2

Why is it that you don't want to track non-logged-in users? Just don't need to? Save Memory? etc.

Like Al said, by default session is pretty light. You can setup your business logic to only track things like preferences or a shopping cart in session once they're logged in - they'll just be undefined or empty strings if they're not logged in.

Answer 3

You may, add a Application.cfc in /member, and turn on session management there.

Then for pages that required session, put the under /memeber.

Answer 4

If you enable sessions, you'll get them for every user. Nothing says you need to use session variables, however. Only the most basic data (session token, for instance) will be created.