The client variables debacle
Nathan Strutz recently said that client variables are no good to use. From reading his entire post, he isn't saying that the concept is flawed, just the current implementation. He even suggests how they may could be improved. I blogged about the overhead caused by client variables back in 2003, the problem was that even if you check disable global client variable updates ColdFusion was still hitting the DB server on every page request. This was in ColdFusion 6.1, I haven't retested for 7.0 yet.
Nathan also points out that All options are server-wide, it would be cool to have different options for each application. Don't forget that there are some options for client variables in the
cfapplication tag such as the
clientmanagement attribute that lets you turn it on and off,
clientstorage attribute lets you specify which datasource to use (must be enabled for client storage in admin first), or registry, or cookie, and
setclientcookies can be enabled or disabled on an application basis. See the docs for the
cfapplication tag. So you can create a database for each application to use, then for each db you can set the purge time, and disable global client variable updates. Am I missing something here?
Nathan also suggests that we need more options for client storage, how about using files or a proprietary client variable server (aka state server). I agree more options are better, but I'm curious to know what advantages a proprietary client variable server would have, why not just fix how CF uses a database server?
If your going to use them, decouple them
I applaud Nathan for bringing this up again, he raises some good points. While I wouldn't go as far to say we should never use them, I would be take care as to how you use them, and I highly recommend de-coupling them from your application logic. So create a CFC that uses client variables inside to manage state, and if you want to change to session, or your own db implementation you can change how it all works without effecting your entire code base.
- Client Variables unnecessary overhead? - December 4, 2003
- CFDocs site now Open Source - October 4, 2013
- Getting Size of Heap and Non Heap Memory in CFML - July 17, 2013
- Announcing CFML Weekly Email - October 19, 2012
- Client Variable Cookie CFGLOBALS Includes Session Ids - July 14, 2011
- Apache Security Patches on CentOS / RHEL
- FuseGuard 2.4 Released
- New HackMyCF Features
- Blocking .svn and .git Directories on Apache or IIS
- CFDocs site now Open Source
- Getting Size of Heap and Non Heap Memory in CFML
- Firefox Aurora now Supports Content Security Policy 1.0
- Writing Secure CFML cfObjective 2013 Slides