If you use ColdFusion session variables, the Session scope has four built-in, read-only variables that your application can use. If you use J2EE session management, the Session scope has two built-in variables. Generally, you use these variables in your ColdFusion pages only if your application supports browsers that do not allow cookies. For more information on supporting browsers that do not allow cookies, see Using client and session variables without cookies. The following table describes the built-in session variables.
| Variable | Description |
|---|---|
|
Session.CFID |
ColdFusion session management only: the client ID, normally stored on the client system as a cookie. |
|
Session.CFToken |
ColdFusion session management only: the client security token, normally stored on the client system as a cookie. |
|
Session.URLToken |
ColdFusion session management: A combination of the J2EE session management: A combination of the |
|
Session.SessionID |
A unique identifier for the session. ColdFusion session management: a combination of the application name and J2EE session management: the |
Note: ColdFusion lets you delete or change the values of the built-in session variables. As a general rule, avoid doing so.
If you enable client variables and ColdFusion session management, ColdFusion uses the same values for the Client and Session scope CFID, CFToken, and URLtoken variables. ColdFusion gets the values for these variables from the same source, the client's CFID and CFTOKEN cookies.
If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLToken consists of the string jsessionid= followed by the J2EE session ID.