问题
Manual page tells about bunch of advantages of the J2EE session management (SM) over the ColdFusion SM, but what about other side? Which problems can appear when using J2EE SM?
Also, if J2EE SM is so cool, why ColdFusion SM is still default?
I can see one obvious reason: backwards compatibility. And this is typical for Adobe. Same time I doubt that Adobe cares about compatibility with other CFML engines.
Any other reasons?
回答1:
None that I've found, really. As soon as J2EE session management became available I started using it and have had no troubles.
The only problem I had with it was that even if you turn on J2EE session management, if you "setclientcookies" to yes the CFIDE/CFTOKEN cookie pair is created anyway. That caused a problem in my current environment as there is a policy against persistent cookies.
I suppose if you have a need for a session to remain available if the browser is closed and restarted then the J2EE session management isn't for you.
回答2:
It is harder to make the cookie HTTPOnly, at least with JRun.
来源:https://stackoverflow.com/questions/1984627/disadvantages-of-j2ee-session-management-in-coldfusion