Client Variables Default Storage
Client variables let you persist user information and preferences between sessions. The Administrator settings are used only if the attribute clientStorage
is not specified in the cfapplication
tag and the variable clientStorage
is not set in Application.cfc. To add a ColdFusion data source to the list of available client storage mechanisms, select the data source from the drop-down list, and then click Add. To set the data source as the default storage mechanism, select the radio button and Click Apply.
The default setting is Cookie. This causes ColdFusion to store potentially sensitive client information in a cookie within the client browser. While this may be the most scalable option, there are serious drawbacks. It places the burden of remembering data onto the client machine, which may not persist cookie details as long as your application requires. It may also lead to security and privacy concerns having that data unsecured on the user’s system.
Another option is Registry. On Windows, this causes ColdFusion to store client information within your system’s registry. On other systems, registry refers to a special text file that Adobe ships with ColdFusion. On a highly trafficked website, this can lead to serious bloat in core operating system files. We strongly recommend against storing client variables in the registry.
The third option is Database, and this is the preferred option for most installations. Once pointed at the correct data source, ColdFusion will take care of instantiating the tables necessary for storing client data. Unique identifiers sent from the client on each request are used to reference data stored in these tables.
If your application does not use client variables we recommend you set this to none.
Note: It is best practice to avoid using client variables altogether. We recommend using session variables for most installations. User specific data that must be saved across sessions should be manually saved to a database.
Client Variables Purge Settings
The default settings here are not optimal and should be changed to those we use as shown above if you are using client variables. Changing them as shown will reduce the impact on the ColdFusion server. For instance, when global client variable updates are enabled ColdFusion will read/write to the client variable store with every request.
Client Variables Purge Interval
Client variables are stored for a pre-determined amount of time for each user session. This setting controls when client variables are expired and purged from the system. You will want to set this value as per the requirements of your unique application. We recommend not setting this to less than 30 minutes for most installations.