http://coldfusion.com logo
#lucee
Title
# lucee
a

Andreas

02/18/2022, 6:34 PM
After seeing the discussion @Adam Cameron iniciated about deprecation, it reminded me about isDefined() deprecation. Of course, I always use structKeyExists() everywhere. But the session scope doesn't seem to exist all the time. That"s when I help myself with isDefined(). How do I check if a scope exists without isDefined()? Is there a scopeExists() or similar?
w

websolete

02/18/2022, 6:52 PM
getApplicationMetadata()
there is a key in the result for sessionmanagement, boolean
if( getApplicationMetadata()["sessionmanagement"] ) { .... sessions are enabled ... }
b

bdw429s

02/18/2022, 6:57 PM
@Andreas If you look in the Coldbox framework-- we've had to solve this in a cross-engine compatible manner as well.
a

Andreas

02/18/2022, 6:57 PM
Thx @websolete but I've seen session scope being created just when a session var is set, e.g. session.userid, despite of session enabled.
@bdw429s thx
b

bdw429s

02/18/2022, 6:58 PM
Over the years different versions of Lucee and Adobe have worked differently in how to detect if the session scope is enabled.
a

Andreas

02/18/2022, 6:58 PM
Going to dig into this
b

bdw429s

02/18/2022, 7:01 PM
The `getUserSessionIdentifier() method in the controller is where this logic lives now. It looks like on the supported versions of ColdFusion, we are now able to use
Copy code
var isSessionDefined = getApplicationMetadata().sessionManagement;
for all engines
I think it was the older CF10/CF11 engines that we used to use indefined for, but we've dropped support for them
So another vote for @websolete's method 🙂
a

Andreas

02/18/2022, 7:07 PM
👍
w

websolete

02/18/2022, 7:36 PM
I've seen session scope being created just when a session var is set, e.g. session.userid, despite of session enabled
i think what you're seeing in this case is implicit creation of a struct called 'session', which will go out of scope at the end of the request, not actually 'session scope'. misleading
b

bdw429s

02/18/2022, 7:38 PM
Yeah, could be creating
variables.session.userid
a

Andreas

02/18/2022, 8:58 PM
Tons of thx @websolete & @bdw429s
z

zackster

02/19/2022, 2:48 PM
there are a few rules about when a session is created (to avoids bots etc, needs an onSessionStart or a value assigned to the session), but i could imagine it being useful to make (optionally) the session scope R/O when sessions aren't enabled. also maybe a BIF
isSessionEnabled()
a

Adam Cameron

02/19/2022, 7:26 PM
I'm quite interested to know how situations arise where ppl... don't already know if session management is enabled in their own applications or not. And what other situations where one might not know if some other scope might not exist?