[coldbox-5.0.0-rc.1] Disabling

I am attempting to disable coldfusion’s session and client management for a coldbox application.

I updated my Application.cfc with


this.clientManagement = false;
this.sessionManagement = false;
this.setClientCookies = false;


And I updated my coldbox/config.cfc like so


flash = {
scope = “cache”


However, when I actually run the app I get the following error

# The requested scope session has not been enabled.
Before session variables can be used, the session state management system must be enabled using the cfapplication tag.

The error occurred in G:/apps/lib/Coldbox/5.0.0-rc.1/system/web/flash/ColdboxCacheFlash.cfc: line 45 |

The function that is erring looks like


function getFlashKey(){
var prefix = “cbFlash:#application.applicationname#”;

// this is if is the line that barfs
// specifically, it breaks on the structkeyexists call
// session is defined but it errors if you access it

// Check jsession id First
if( isDefined( “session” ) and structKeyExists( session, “sessionid” ) ){
return “cbFlash:” & session.sessionid;
// Check normal cfid and cftoken in cookie
else if( structKeyExists( cookie, “CFID” ) AND structKeyExists( cookie,“CFTOKEN” ) ){
return prefix & hash( cookie.cfid & cookie.cftoken );
// Check normal cfid and cftoken in URL
else if( structKeyExists( URL, “CFID” ) AND structKeyExists( URL,“CFTOKEN” ) ){
return prefix & hash( URL.cfid & URL.cftoken );
// check session URL Token
else if( isDefined( “session” ) and structKeyExists( session, “URLToken” ) ){
return prefix & session.URLToken;
} else {
message = “Cannot find a jsessionid, URLToken or cfid/cftoken in the cookie scope. Please verify”,
type = “ColdboxCacheFlash.CFIDException”


I know very little (nothing) about how the flash scope works in coldbox but looking at this code I’m not sure how it would work if you have session/client management disabled and have set coldbox to use the cache for flash persistence.

Can someone help me understand what I’m missing? Does this mean that Coldbox depends on session/client management being enabled?

If you disable the sessions scope in ColdFusion you simply need to configure the flash storage to store somewhere else. Like Client.


If I’m not mistaken that is what the flash configuration in the coldbox.cfc is for right? I have that set to “cache” per my first post, but am still running into issues.

I guess part of my point though is that I’m not sure how it would work in the first place because the framework code that I posted earlier appears to error when session is disabled. Unless getFlashKey() isn’t supposed to be called when session is disabled and I simply have something misconfigured.

Not sure right off. I’d say you either have the config wrong or this is a regression in ColdBox 5. Perhaps ColdBox 5 is creating the flash storage before it reads the config? You can debug it yourself or put in a ticket and Luis can look into it. Not many people have sessions turned off so I could see it being a bug that went unnoticed.