ColdFusion MX 7 Login Security (Page 3 of 13)

The onApplicationStart Method

41. <cffunction name="onApplicationStart" returntype="boolean" output="true">
43.   starting application
44.   <cfset Application.configured = 1>
45.   <cfset Application.datetimeConfigured = TimeFormat(Now(), "hh:mm tt") & "  " &
                                              DateFormat(Now(), "mm.dd.yyyy")>
46.   <cfset Application.currentSessions = 0>
47.   <cfreturn true>
48. </cffunction>

This method is executed the first time an application starts up. It is used to set up Application-scoped variables and define anything relative to the entire application as a whole. In our sample application, we'll be tracking user sessions using the Application.currentSessions variable and another Application scoped variable we'll discuss later. Notice there is no locking around the writing of these Application variables. ColdFusion imposes an implicit Application lock around any code placed in the onApplicationStart method.

The onSessionStart Method

58. <cffunction name="onSessionStart" returntype="void">
59.   ...
60. </cffunction>

Immediately after the onApplicationStart method is executed, the onSessionStart method will execute. This method is typically a good place to store session-specific initialization code. We'll be tying user logins to the session scope but keep in mind that this method will create the session scope and tie it to each user before each user actually logs in. This is done by ColdFusion in an effort to set up the CFID and CFTOKEN variables and the Session.sessionid variable. It may seem odd that I am not setting up session data for users in this method; the reason will become clear later on. Even though there is no code in this method, the same locking principle applicable to the onApplicationStart method applies here. ColdFusion places an implicit Session lock around any code in this method.