<cfset tracker=createObject("java","coldfusion.runtime.SessionTracker")>
<cfset sessions=tracker.getSessionCollection(application.applicationname)>
<cfoutput>
<cfloop item="loopSession" collection="#sessions#">
Idle Time:
#getSessionProxy(sessions[loopsession],'getTimeSinceLastAccess')#<br/>
</cfloop>
</cfoutput>
<cffunction name="getSessionProxy"
output="false" access="public" returntype="string">
<cfargument name="session" required="true" type="struct" />
<cfargument name="method" required="true" type="string" />
<cfset var _a = arrayNew(1)/>
<cfset var _sessionClass =
_a.getClass().forName("coldfusion.runtime.SessionScope") />
<cfset var _method = ''/>
<cfset var _value = ''/>
<cftry>
<cfset _method =
_sessionClass.getMethod(arguments.method, _a) />
<cfset _value = _method.invoke(arguments.session, _a)/>
<cfcatch><!--- Do Nothing ---></cfcatch>
</cftry>
<cfreturn _value />
</cffunction>
That works great and is very valuable data, but what if you need to find out what the session.idofuser is on one of those sessions or another session variable that you need access too? There really is no reflected function that gives you access to those variables without touching the session timeout. You could do sessions[loopSession].idofuser but that would trip the session. Even a cfdump of the sessions collection trips the session. I couldn't find this documented on blogs or anywhere else, but there is a new sessionScope method going by the name of "getValueWIthoutChange". This must be new in CF8. I'm guessing one reason it was added is for the server monitor which gives you access to this info without touching the session timeout. If you google this method, you get absolutely 0 results. When I saw that in the dump of the sessionScope class, I knew there was hope. Important to note too is that Java is very case sensitive. Notice that the W and I are capped in "WIthout". Typo that made it through? Anywho, my next challange was finding the correct casting and such to be able to pass a var into the reflected getValueWIthoutChange method from CF. I flailed on this for about a day before I took this to a co-worker that was a java guy in a past life. He had it nailed down for me in a 1/2 hour or so. Long story short, we ended up with a method that will allow you to get any session var without touching the sessions. This is a beautiful thing and opens up all kinds of possibilities.
<cfset tracker=createObject("java","coldfusion.runtime.SessionTracker")>
<cfset sessions=tracker.getSessionCollection(application.applicationname)>
<cfoutput>
<cfloop item="loopSession" collection="#sessions#">
Idle Time:
#getSessionProxy(sessions[loopsession],'getTimeSinceLastAccess')#<br/>
User ID:
#getSessionValue(sessions[loopsession],'idofuser')#<br/><br/>
</cfloop>
</cfoutput><cffunction name="getSessionValue"
output="false" access="public" returntype="any">
<cfargument name="session" required="true" type="struct" />
<cfargument name="key" required="true" type="string" />
<cfset var a = arrayNew(1)/>
<cfset var valueMethod = ''/>
<cfset var value = ''/>
<cfset var sessionClass =
a.getClass().forName("coldfusion.runtime.SessionScope") />
<cftry>
<cfset a[1] =
CreateObject("java","java.lang.String").GetClass()/>
<cfset valueMethod =
sessionClass.getMethod("getValueWIthoutChange",a) />
<cfset a[1] =
CreateObject("java","java.lang.String").Init(arguments.key)/>
<cfif findnocase(arguments.key,structkeylist(arguments.session))>
<cfset value = valueMethod.invoke(arguments.session, a)/>
<cfelse>
<cfset value = ''/>
</cfif>
<cfcatch><!--- Do Nothing ---></cfcatch>
</cftry>
<cfreturn value />
</cffunction>
<cffunction name="getSessionProxy"
output="false" access="public" returntype="string">
<cfargument name="session" required="true" type="struct" />
<cfargument name="method" required="true" type="string" />
<cfset var _a = arrayNew(1)/>
<cfset var _sessionClass =
_a.getClass().forName("coldfusion.runtime.SessionScope") />
<cfset var _method = ''/>
<cfset var _value = ''/>
<cftry>
<cfset _method =
_sessionClass.getMethod(arguments.method, _a) />
<cfset _value = _method.invoke(arguments.session, _a)/>
<cfcatch><!--- Do Nothing ---></cfcatch>
</cftry>
<cfreturn _value />
</cffunction>
Now, as an important note and as has been echoed on other blogs, this is an undocumented method and the farm should not be bet on it. There is no guarantee that it will live on in other versions of CF so use wisely.
With that said, praise God for technology and go change the world.
Blessings...
Posts
9 comments:
This is good stuff. I'll blog about this for sure!
I would change:
cfif find(arguments.key,structkeylist(arguments.session))
to
cfif findNoCase(arguments.key,structkeylist(arguments.session))
The "FindNoCase" makes it easier.
Yep, you're right. Thanks Sam, I've adjusted the post.
Sorry if I missed something, but what cf version are we talking about here?
@alin - This code is in the context of CF8
In my tests invoking getTimeSinceLastAccessMethod as you are doing always returns the last access time and then modifies the last access time to 0.
Is it possible to use this method to get the last access time, such that that time is not reset to 0?
This is great stuff and seems to efficiently kill a session without the ghosting that normally happens. One question however, opening up the internal Java Components can potentially be a pandora's box especially on a shared server. Is there any way that you know of to utilize this functionality but keeping the server secure at the same time?
@Jordan - I'm unaware of the security holes that this would open up. That certainly doesn't mean that there couldn't be any. In calling the session object via java, what holes might it open up?
@DET - what version of CF are you working with?
Post a Comment