Viewing active "sessions" in ColdFusion

Posted by Dan on Feb 8, 2006 @ 3:26 PM

Ever need a snippet to read in the active sessions running on your server? This code was recently posted to the CF-Talk list and I thought it was worth blogging for future reference. (Thanks to Raymond Camden and Dave Carabetta for the information.)

function getSessions(appName) {
    var tracker = createObject("java", "coldfusion.runtime.SessionTracker");
    return tracker.getSessionCollection(appName);
}

variables.numSessions = 0;
variables.sessions = getSessions(application.applicationName);
variables.numSessions = structCount(variables.sessions);

<cfoutput>Total Number of Sessions: #variables.numSessions#</cfoutput>
NOTE:
This code relies on using internal undocumented ColdFusion factories. This means the code could potentially stop working if Adobe ever changes the internal factories.

This code does bring up a potential security issue. If you're on shared host environment, someone could spy on your application's session information if they new the application name. (Which you can also get from using built-in CF service factories.) If you're running commercial applications, you should never run code on a non-sandboxed shared server. Preferably, a commercial application should have it's own dedicated servers.

Categories: HTML/ColdFusion, Java

2 Comments

  • barry.b's Gravatar
    barry.b
    please remember that this is undocumented (unofficial as far as Adobe is concerned) and therefore unsupported.

    which means that in future versions it could be broken/changed and you'd be stuffed.

    unless someone here can convince Adobe to make it official and therefore supported for all future versions of CF....and if you can then I've got a list of other undocumented features that deserve to be kosher as well

    is there any other way to do this, without hooking into the coldfusion.runtime?
  • Dan G. Switzer, II's Gravatar
    Dan G. Switzer, II
    Barney,

    In the past I've just rolled up my own. You create a struct called "ActiveSessions" in the Application scope. If you're using CFMX 7, you can then copy the session into the Application scope when the session is created, and remove it when the onSessionEnd event fires.

Comments for this entry have been disabled.