I’m a coldbox newbie, so please excuse if this is a basic question – but I’ve read everything I can find online and watch a bunch of videos, and the answer still isn’t clear to me.
In all of my apps, I need to authenticate the user and then recognize them for the remainder of their session. In my pre-coldbox life, I would simply authenticate the user, look up their user information / privileges in the datastore, and write them all to a struct stored in the session scope. Then, with each request I check to see if the session struct exists, and if so duplicate() it to the Request scope inside a . All subsequent pages use the Request struct if they need User information.
I’m trying to build my next app in ColdBox, and I’m trying to figure out the “best” way to do this. One option is to do (basically) the same thing, but duplicate the Session struct into the prc instead of the Request scope. That’s easy.
I’m wondering if there is a way to use User objects instead. Define User.cfc and a UserService.cfc (as a singleton) as Models, and when someone accesses the site create a User object to hold their information. I could do this with a temporary User object on each page request, but that seems silly. Ideally I’d create the User object when the person logs in, and then destroy it when they log out or the session times out. This would give me the added benefit of being able to see everyone currently using the app (as I could have the UserService keep an array of created User objects, right?)
I know that putting the User object in the Session scope is a bad idea, due to injection scope widening – as a Session times out, the object is left in limbo and isn’t destroyed since it still has references. The documentation suggests using a “provider” to fix this problem, but I don’t understand what that actually does.
It’s also not completely clear to me how you destroy objects in ColdBox. In CF, if I understand correctly, objects are destroyed by simply removing references to them from persistent scopes. I see in WireBox the function clearSingletons(), but is there a specific function for destroying a persistent object?
Thanks for any help!