ColdFusion session management is enabled by default. It utilizes CFID and CFToken as session identifiers. It sends them to the browser as persistent cookies with every request. If cookies are disabled, developers must pass these values in the URL. Session variables are automatically cleared when the session timeout is reached—but not when the browser closes.
Table 1: Default session scope variables:
- It is compatible with all versions of ColdFusion.
- It uses same session identifiers as ColdFusion’s client management.
- It is enabled by default.
- CFID and CFToken are created as persistent cookies.
- You can only use one unnamed application per server instance.
- Sessions persist when the browser closes.
- ColdFusion session scope is not serializable.