The client variables debacle
Nathan Strutz recently said that client variables are no good to use. From reading his entire post, he isn't saying that the concept is flawed, just the current implementation. He even suggests how they could be improved. I blogged about the overhead caused by client variables back in 2003; the problem was that even if you check "disable global client variable updates", ColdFusion was still hitting the DB server on every page request. This was in ColdFusion 6.1; I haven't retested for 7.0 yet.
Nathan also points out that "All options are server-wide, it would be cool to have different options for each application." Don't forget that there are some options for client variables in the cfapplication tag, such as the clientmanagement attribute, which lets you turn it on and off; the clientstorage attribute, which lets you specify which datasource to use (must be enabled for client storage in admin first), or registry, or cookie; and setclientcookies, which can be enabled or disabled on an application basis. See the docs for the cfapplication tag. So you can create a database for each application to use, then for each db you can set the purge time, and disable global client variable updates. Am I missing something here?
Nathan also suggests that we need more options for client storage: how about using files or a proprietary client variable server (aka state server)? I agree more options are better, but I'm curious to know what advantages a proprietary client variable server would have. Why not just fix how CF uses a database server?
If you're going to use them, decouple them
I applaud Nathan for bringing this up again; he raises some good points. While I wouldn't go as far as to say we should never use them, I would take care as to how you use them, and I highly recommend decoupling them from your application logic. So create a CFC that uses client variables inside to manage state, and if you want to change to session, or your own db implementation, you can change how it all works without affecting your entire code base.
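One way to do the decoupling described above, as an added example that is not code from the original post: a tag-based CFC that is the only place touching the client scope, so switching to session means changing one init argument. The names StateManager, hasValue, getValue and setValue are hypothetical, and it assumes clientmanagement (or sessionmanagement) is enabled in cfapplication.

```cfml
<!--- StateManager.cfc: added example; component and method names are hypothetical --->
<cfcomponent output="false">

  <cffunction name="init" access="public" returntype="any" output="false">
    <!--- the only place that decides where state lives: "client" or "session" --->
    <cfargument name="storage" type="string" required="false" default="client">
    <cfif NOT listFindNoCase("client,session", arguments.storage)>
      <cfthrow type="StateManager.InvalidStorage" message="Unsupported storage: #arguments.storage#">
    </cfif>
    <cfset variables.storage = lCase(arguments.storage)>
    <cfreturn this>
  </cffunction>

  <cffunction name="hasValue" access="public" returntype="boolean" output="false">
    <cfargument name="key" type="string" required="true">
    <cfif variables.storage EQ "client">
      <cfreturn structKeyExists(client, arguments.key)>
    </cfif>
    <cfreturn structKeyExists(session, arguments.key)>
  </cffunction>

  <cffunction name="getValue" access="public" returntype="string" output="false">
    <cfargument name="key" type="string" required="true">
    <cfargument name="defaultValue" type="string" required="false" default="">
    <!--- a missing key returns the caller's default instead of throwing --->
    <cfif NOT hasValue(arguments.key)>
      <cfreturn arguments.defaultValue>
    </cfif>
    <cfif variables.storage EQ "client">
      <cfreturn client[arguments.key]>
    </cfif>
    <cfreturn session[arguments.key]>
  </cffunction>

  <!--- values are typed string because client variables hold simple values only --->
  <cffunction name="setValue" access="public" returntype="void" output="false">
    <cfargument name="key" type="string" required="true">
    <cfargument name="value" type="string" required="true">
    <cfif variables.storage EQ "client">
      <cfset client[arguments.key] = arguments.value>
    <cfelse>
      <cfset session[arguments.key] = arguments.value>
    </cfif>
  </cffunction>

</cfcomponent>
```

Application code would call createObject("component", "StateManager").init("client") once and then use only getValue and setValue, never the client scope directly.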
- Client Variables unnecessary overhead? - December 4, 2003