tracker issue : CF-3039298

select a category, or use search below
(searches all categories and all time range)
Title:

Bug 78825:(Watson Migration Closure)Session even if disabled via application or the administrator still creates an empty session structure

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Luis Majano / Luis Majano (Luis Majano)

Created: 07/15/2009

Components: Core Runtime, Session Management

Versions: 9.0

Failure Type: Unspecified

Found In Build/Fixed In Build: 0000 /

Priority/Frequency: Normal / Unknown

Locale/System: English / Platforms All

Vote Count: 0

Problem:

Session even if disabled via application or the administrator still creates an empty session structure.  So there is no way to know if the session is enabled or not.The best way to approach this is that if the session management is not enabled, then the session scope should NOT be created.  Railo and open BD both have this approach and it makes it much more easier to detect if session is enabled or not.  
Method:

disabled session management and do this:isDefined("session")
Result:

Session even if disabled via application or the administrator still creates an empty session structure.  So there is no way to know if the session is enabled or not.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3039298

External Customer Info:
External Company:  
External Customer Name: Luis Majano
External Customer Email: 7A3D2E124563615A99201549
External Test Config: 07/15/2009

Attachments:

Comments:

to know whether sessionmanagement is enabled or not we can use getApplicationMetadata which returns a structure of application settings. returned struct contains a key named sessionmanagement which contains YES/NO based on application.cfc/cfm setting.
Comment by S V.
23418 | November 19, 2014 01:02:45 AM GMT
As Pavan mentioned, session and application are reserved scopes. When user disables session or application, we don't create a new session/application scope but use a special object which blocks any modification to it. So there is no performance implication. Changing the behavior as requested in this bug would have a serious implication. Let's say there is a code which says session.somekey = someValue; With the current behavior, this would throw an error saying that the session is not enabled. With the behavior you are asking, this would create a struct named session in the variable scope. Someone looking at this code would have no clue whether somekey is going in the session or variable. This is not a bug and we are closing this. Pavan has shared how you can figure out whether the session management is enabled or not.
Comment by Rupesh K.
23419 | November 20, 2014 12:33:34 AM GMT