After seeing the discussion <@U01UMF483V4> iniciat...
# lucee
a
After seeing the discussion @Adam Cameron iniciated about deprecation, it reminded me about isDefined() deprecation. Of course, I always use structKeyExists() everywhere. But the session scope doesn't seem to exist all the time. That"s when I help myself with isDefined(). How do I check if a scope exists without isDefined()? Is there a scopeExists() or similar?
w
getApplicationMetadata()
there is a key in the result for sessionmanagement, boolean
if( getApplicationMetadata()["sessionmanagement"] ) { .... sessions are enabled ... }
b
@Andreas If you look in the Coldbox framework-- we've had to solve this in a cross-engine compatible manner as well.
a
Thx @websolete but I've seen session scope being created just when a session var is set, e.g. session.userid, despite of session enabled.
@bdw429s thx
b
Over the years different versions of Lucee and Adobe have worked differently in how to detect if the session scope is enabled.
a
Going to dig into this
b
The `getUserSessionIdentifier() method in the controller is where this logic lives now. It looks like on the supported versions of ColdFusion, we are now able to use
Copy code
var isSessionDefined = getApplicationMetadata().sessionManagement;
for all engines
I think it was the older CF10/CF11 engines that we used to use indefined for, but we've dropped support for them
So another vote for @websolete's method 🙂
a
👍
w
I've seen session scope being created just when a session var is set, e.g. session.userid, despite of session enabled
i think what you're seeing in this case is implicit creation of a struct called 'session', which will go out of scope at the end of the request, not actually 'session scope'. misleading
b
Yeah, could be creating
variables.session.userid
a
Tons of thx @websolete & @bdw429s
z
there are a few rules about when a session is created (to avoids bots etc, needs an onSessionStart or a value assigned to the session), but i could imagine it being useful to make (optionally) the session scope R/O when sessions aren't enabled. also maybe a BIF
isSessionEnabled()
a
I'm quite interested to know how situations arise where ppl... don't already know if session management is enabled in their own applications or not. And what other situations where one might not know if some other scope might not exist?