ColdFusion and J2EE session management
The ColdFusion server can use either of the following types of session management:
- ColdFusion session management
- J2EE servlet session management
ColdFusion session management uses the same client identification method as ColdFusion client management.
J2EE session management provides the following advantages over ColdFusion session management:
- J2EE session management uses a session-specific session identifier, jsessionid, which is created afresh at the start of each session.
- You can share session variables between ColdFusion pages and JSP pages or Java servlets that you call from the ColdFusion pages.
- The session automatically ends when the user closes all browser windows.
- The Session scope is serializable (convertible into a sequence of bytes that can later be fully restored into the original object). With ColdFusion session management, the Session scope is not serializable. Only serializable scopes can be shared across servers.
Therefore, consider using J2EE session management in any of the following cases:
- You want to maximize session security, particularly if you also use client variables.
- You want to share session variables between ColdFusion pages and JSP pages or servlets in a single application.
- You want to be able to manually terminate a session while maintaining the client identification cookie for use by the Client scope.
- You want to support clustered sessions; for example, to support session failover among servers.
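One way to verify which of the two modes a deployed application is using, as an added example that is not part of the original documentation: the script compares the identifier cookies issued at the start of two sessions from the same browser profile and reports whether the identifier is persistent and whether it is reused. The cookie names CFID, CFTOKEN and JSESSIONID and the sample headers are assumptions, not given on this page.

```python
# Added example. Cookie names are assumptions, not taken from the page:
# CFID/CFTOKEN for ColdFusion client identification, JSESSIONID for J2EE.
CF_ID_COOKIES = ("cfid", "cftoken")
J2EE_ID_COOKIE = "jsessionid"

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip().lower(), value.strip(), attrs

def session_cookies(headers):
    """Map each identifier cookie name to (value, persistent?)."""
    found = {}
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        if name in CF_ID_COOKIES or name == J2EE_ID_COOKIE:
            # Expires or Max-Age means the cookie outlives the browser window.
            found[name] = (value, "expires" in attrs or "max-age" in attrs)
    return found

def audit(first_visit, second_visit):
    """Compare the identifier cookies issued at the start of two sessions."""
    a, b = session_cookies(first_visit), session_cookies(second_visit)
    if J2EE_ID_COOKIE in a:
        mode, names = "j2ee", (J2EE_ID_COOKIE,)
    elif any(n in a for n in CF_ID_COOKIES):
        mode, names = "coldfusion", CF_ID_COOKIES
    else:
        return {"mode": "unknown", "persistent": False, "reused": False}
    present = [n for n in names if n in a]
    return {
        "mode": mode,
        "persistent": any(a[n][1] for n in present),
        # Same value in both sessions: the identifier is not session-specific.
        "reused": all(n in b and a[n][0] == b[n][0] for n in present),
    }

# Constructed sample headers (not captured from a real server).
EXPIRES = "Expires=Wed, 01 Jan 2050 00:00:00 GMT; Path=/"
CF_VISITS = [[f"CFID=1201; {EXPIRES}", f"CFTOKEN=58291734; {EXPIRES}"]] * 2
J2EE_VISITS = [["JSESSIONID=8430a1c2f7d94be1; Path=/", f"CFID=1201; {EXPIRES}"],
               ["JSESSIONID=c91e55d0a3b7426f; Path=/", f"CFID=1201; {EXPIRES}"]]

if __name__ == "__main__":
    print(audit(*CF_VISITS), audit(*J2EE_VISITS))
```

In the J2EE sample the client identification cookie is still present and persistent, but only the jsessionid value is treated as the session identifier, so the result reports a non-persistent identifier that changes between sessions.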