This article is additional information on the differences between Application / Session variables and Client variables and how they are handled by Cold Fusion.

The main differences between session/application and client variables are that

Session and Application variables are stored in memory (the CF server's memory) rather than in the registry so they're faster to access and don't fill up the registry.
Session and Application variables also have a much finer granularity of time-out associated with them. With client variables, you can specify in the Cold Fusion Administrator that you would like them to be deleted from the registry after a certain period of inactivity. That's basically the only way they could "time out." Session and application variables can be set to time out after a very precise period of inactivity either on a per page basis via the CFAPPLICATION tag or by setting defaults in the administrator.

The whole point of this time out capability is to create the illusion of a "session". In other words, the CF engine doesn't really know what a session is or when it might end. It doesn't know if the user has actually finished using a particular web application (i.e., accessing a certain set of web pages) or if he's just a slow reader and is moving slowing between pages. A CF programmer could use the timeout feature of session variables to define what a "session" is. For example, he could decide that a session ends when a new page has not been accessed for 5 minutes. After 5 minutes of inactivity, any session variables he has set would be discarded.


Like client variables, however, session variables depend on the same client management mechanism to identify the user. So session variables still require a CFTOKEN and CFID to be returned with each page request so the engine knows whose session variables to access. Some customers have been quite upset and disappointed that we still require the CFID and CFTOKEN as these are still saved in the registry on the server and are often maintained in cookies on the client. Customers may ask, somewhat correctly, what's the point if we still keep some data in the registry and still use cookies on the client side. There may be no good answer for them. The answer is that session variables are an improvement over client variables but not a 100% solution for people who hate touching their registry. (Of course it's always possible to use client management without cookies but, admittedly, it is more difficult.)


Also, it is important to note that Session and application variables must be always be accessed via their complete names as there's no automatic name resolution associated with them. Again, this was a performance decision, but some users haven't been happy about it.

WorkAround
Hopefully, this document has cleared up some issues with Session, Application and Client variables.




            邓艳兵
            dengyb@openet.com.cn