
SessionRotate

 

Description

Renews the session when the function is called. For example, use it to generate a new session after a successful login. This prevents session attacks, because the session before and after a successful authentication is different. The method:

  • Creates a session
  • Copies the data from the old session to the new session
  • Invalidates the old session
  • Invalidates or overwrites the old session cookies
  • Creates new session cookies if the old session cookies are invalidated
  • Copies and updates client storage data to new session keys

Note: SessionRotate does not rotate the jsessionid when JEE sessions are enabled. It works only with ColdFusion sessions (CFID, CFTOKEN).

Returns

None

Category

Display and formatting functions

Syntax

SessionRotate()

See also

SessionInvalidate

History

ColdFusion 10: Added this function.

Parameters

None

Usage

Use this function to rotate the session.

Example

Application.cfc

<cfcomponent>
    <!--- Enable session management so the session scope exists for this application --->
    <cfset this.sessionManagement = true />
    <cfset this.name = "session_app" />
</cfcomponent>

sessionRotate.cfm

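<!--- Rotate the session when the rotate URL parameter is present --->
<cfif isDefined("url.rotate") >
    <cfset sessionRotate()/>
</cfif>
<!--- Store a value in the session so you can see it copied to the new session --->
<cfif isDefined("url.name") >
    <cfset session.name = url.name />
</cfif>
<!--- Dump the session scope to see the effect of the rotation --->
<cfdump var="#session#" label="SESSION">
<cfoutput>
<a href="sessionRotate.cfm?name=BOB">Set session.name = BOB </a> <br/>
<a href="sessionRotate.cfm?rotate=TRUE">Rotate the session</a>
</cfoutput>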
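
A login handler that applies the rotation described above, as an added example that is not part of the original page or Adobe's own code. It assumes ColdFusion sessions (CFID, CFTOKEN) and that session.sessionid reflects the new session within the same request; checkCredentials, the demo account, login.cfm and index.cfm are hypothetical names.

```cfml
<!--- login.cfm: added example. Assumes this.sessionManagement = true in Application.cfc. --->

<!--- Hypothetical stand-in for a real credential check (constructed demo account). --->
<cffunction name="checkCredentials" returntype="boolean" output="false">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <!--- compare() is case-sensitive and returns 0 when the strings are equal --->
    <cfreturn arguments.username EQ "demo"
              AND compare(arguments.password, "demo-password") EQ 0>
</cffunction>

<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<cfif cgi.request_method EQ "POST">
    <cfif checkCredentials(form.username, form.password)>
        <!--- Remember the pre-login identifier so the rotation can be verified --->
        <cfset variables.oldSessionId = session.sessionid>

        <!--- Rotate BEFORE storing anything that marks the session as authenticated --->
        <cfset sessionRotate()>

        <cfif session.sessionid EQ variables.oldSessionId>
            <!--- Identifier unchanged (assumed to be the case when JEE sessions
                  are enabled): fail closed instead of authenticating the
                  pre-login session. --->
            <cfthrow type="Security.SessionRotation"
                     message="Session identifier was not rotated; login aborted.">
        </cfif>

        <cfset session.user = form.username>
        <cfset session.authenticatedAt = now()>
        <!--- addtoken="false" keeps CFID/CFTOKEN out of the redirect URL --->
        <cflocation url="index.cfm" addtoken="false">
    <cfelse>
        <cfoutput><p>Invalid user name or password.</p></cfoutput>
    </cfif>
</cfif>

<form method="post" action="login.cfm">
    <input type="text" name="username" autocomplete="username">
    <input type="password" name="password" autocomplete="current-password">
    <input type="submit" value="Log in">
</form>
```

Because the old session data is copied to the new session, anything stored before login (a cart, a locale) survives the rotation, while the pre-login session itself is invalidated.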
