[ColdBox 3.5.0 Final] Persisting an existing session

I am brand new to Coldbox and this group, please forgive me if am
doing something wrong. I did some searching first and didn't see an
answer to this question.

We have a unified login across our entire network. Dozens of
applications share a session so that you can navigate from application
to application seamlessly without logging in each time. Each
application uses its own structure within the session scope to manage
application specific session information (e.g.
session['currentAppName']). None of the other applications use
Coldbox, this new app is the first implementation of CB on the

When visiting the CB app, the session gets overwritten by CB.
Considered copying the session using the SessionStorage plugin, but
that does not solve the issue of persisting the existing session for
when a user wants to leave the app and move back to another existing
app. I tried copying the session onSessionStart, but I think I run
into a race condition there.

I need to persist an existing session into the CB session.

P.S. I have some in service meetings that may make it difficult for me
to reply to additional information requests until Thursday. I will
try my best to get back on here before then, I just don't want anyone
to think it is an abandoned thread.

First, Welcome to the community, Keith!

Now, can you elaborate: " When visiting the CB app, the session gets overwritten by CB." ?

ColdBox should not replace anything in the session scope. Some variables may be added to the session scope for debugging or when Flashing variables between requests or using the SessionStorage plugin; however, I don’t belive ColdBox does anything like. structClear(session).

Bottom line
Anything you put into the session scope should not be impacted by ColdBox. I think there is something else going on within the application.

Try This
What happens when you go to the Application.cfc onRequestStart method and add the following code to the top of the function so it executes before ColdBox can grab the request?

<cfset writeDump(var=session,abort=true) />



Thanks for reaching out Aaron. So far I am really enjoying the CB
framework, sometimes I feel like I am drowning in the more advanced
features, but on the basic level it performs a lot like I have always
wanted frameworks to perform.

I have to run to meetings, but I will give you the info on the dumps
when I can get back to the code. I did try that at one point, I just
don't remember the results off hand. Below is some more detailed
information about what you asked about.

When I arrive at the application, lets call it QAR (since that is its
name), you can scroll down to the debugging information and see all of
the previously existing data (previously set, global values user_id,
group_id, etc). To begin using the application the user must select
an item to work on (a QAR), from a select list and hit submit.

When I arrive to the next page, and scroll down to the debug
information, all the global session information is gone. Now, during
that submission, I can set information (e.g. a QAR_id), and that will
be there. But all of global session keys are gone.

Hi Keith,

Coldbox does not override any session variables but I think the problem could be due to different Application name.
Please make sure you have same Application name across different Apps.
Application.cfc this.name = “-----”


Hi Keith,

Sana is right about the need to have the same application name as defined in Application.cfc/.cfm for session variables to be shared between applications. The only worry would be that all session variables will be share, as all the applications would be seen as one, so that could mean that aspects of one application could “bleed” into another causing unexpected results.

Have you thought about moving your shared variables into the Server scope? That way they will be available to all applications on the server without the session vars on each “application” messing with each other.


Actually I would not suggest the server scope for session management as it never expires, and a user would never be logged out either.

If this is for single sign on, the session is the best place to put it and the Application Name will need to be the same across all your applications.

This is true. Whilst the server scope does not expire you could delete the user server scope variables used to check if the user is logged in with a “logout” event.

Just wanted to offer an alternative to using the session scope across “applications” that share the same application name which can have unexpected results if one “application” amends a session variable that another “application” depends on.


How would you fire the logout event if the user just closes the browser.

I think I have agreed that it's not perfect.

I think I have agreed that it’s not perfect.

Sorry for disappearing for a while there. I discussed it with some of
the other developers in the other division and they said that they had
no problems across application names. I don't have access to their
code base, so I cannot confirm that.

With that said, I have just done some initial testing, and it seems
like defining the appName as "" in the Coldbox.cfc is preserving the
existing session data. As best as I can tell, the framework was not
wiping the existing session as much as launching a brand new session
and ignoring the previously existing one. When you guys mentioned the
appName, it was a complete facepalm, I hadn't thought of
troubleshooting that and it made complete sense.

It looks like the issue is resolved, thank you everyone for the
advice, you all were a huge help at giving me a different perspective.

Hi keith,

Sessions are always based around the application name - otherwise on a
shared server you'd cause havoc with other peoples apps structClear(session)
for example!!!

First, I am not sure how this occurred, but it says that unwittingly
changed the name of the thread. I am not sure how I did that, but my
apologies to Andrew. His format followed the forum guidelines and I
went and messed it up some how.

Second, I am seeing a disconnect between the session dump in the debug
information and when I actually dump the session. In this case once I
set the app name to "" I was seeing the previously existing session
information in the debug dump, hence my excitement about the

Unfortunately as I changed the code to reference that information, it
caused an error, saying that it didn't exist. I changed the code
back, relogged in, saw the information in the debug dump, then dumped
it myself to find that the two were not consistent. Stuff that I was
setting wasn't showing up in the debug, and stuff in the debug was not
showing up for my code.

I am going to get in touch with some more of the developers from the
other team and see if I can look at the code base and find out if
there is a unified application name that they are unaware of for some
reason. Any other suggestions are welcome.


ok, everyone. Here is the new wrench in it. After finding out more
about their environment (I was a bit in the dark before), from what I
have gathered they are not using Application.cfc's anywhere. What
they are doing is using the Application.cfm files and then including
the file further down the file structure to persist the the over all
session. Yes, my mind is a bit blown...

So, I have a simple question, which I am almost certain the answer is
"No", but I just figured I would get it from some experts before
giving up on this fiasco. Can CB be bootstrapped using the
Application.cfm instead of the Application.cfc?


Why would you want too?

The thing to remember is that whether it is Application.cfc or
Application.cfm, there is still a requirement that they both need to use
and Application name. In Application.cfm this will be done by the use of
the <cfapplication /> tag where as Application.cfc would be done by setting
this.name to the name you want.

I am at as much of a loss as you are Andrew. Unfortunately, I am not
in a position to affect standards in the position I am in. I have
been told that right now my options are to include the ../
application.cfm with in coldbox, or abandon coldbox and build with out
using a framework (which seems to be their standard route). I
figured I would reach out to all of you, since it is such an odd

Wow.... What reason do they have for making such a statement?

I am sure they have their reasons, even if I cannot fathom it; it is a
large entity that has been making a lot of CF applications. I just am
not privy to their reasons and architecture because I am not actually
on the "development team". I am working for another department on
some pet projects. Unfortunately this particular pet project has to
fit into their existing eco system.


Well the thing is that it can fit in, it doesn't need to use
Application.cfm to do that. But if you must use Appliction.cfm there is no
reason why you can't, the only problem is that you loose the benefits of
all the events like onRequestStart, onSessionStart etc., and not to mention
you also loose the fact that Application.cfc is much more thread safe than
Application.cfm which is pretty much a requirement for any frameworks these

Once you set the Application name to the same as theirs, it will inherit
all the Application and session variables, but will not not be able to use
any of the functions that they may have in Application.cfm.

I have never seen a standard of using Application.cfm over Application.cfc,
that is just weird in itself. I could see more of a use case for a standard
to use Application.cfc as a standard over using Application.cfm but they
must have a good reason for it.

The question I would ask, if you are in a different department you will
have your own standards, but what does it matter what you use as long as it

They don't actually care what I do, but the only solution they will
give me for the session disappearing is this one; and I have to have
this session.