Use our own Session management rather than rely on underlying engine

Description

Rolling our own session management will bring performance and security benefits:

  • Sessions only created when they're really needed

  • Cookie management and stateless requests handled more cleanly

  • Non-memory persistence layer (e.g. DB) can be more configurable - i.e. use cachebox cache, or preside object for DB

  • Non-memory persistence layer can perform better: only persist at the very end of a request rather than multiple constant calls as Lucee does built in

  • Only accept session from a cookie. If the CFID does not already exist, ignore it completely (don't start a session with the CFID supplied by the user)
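The points above about lazy creation, a single write at the end of the request, and ignoring unknown client-supplied IDs can be sketched as follows. This is an added example in Python, not code from the ticket or from the project; the class and method names are hypothetical, a dict stands in for the cache or DB layer, and only the `CFID` cookie name comes from the ticket.

```python
import secrets

COOKIE_NAME = "CFID"  # cookie name from the ticket; all other names are assumed


class SessionManager:
    """Lazy, cookie-only sessions over a pluggable store (dict stands in for cache/DB)."""

    def __init__(self, store=None):
        self.store = {} if store is None else store  # session id -> session data

    def begin(self, cookies):
        """Start a request. Only the cookie jar is consulted, never URL or form fields."""
        sid = cookies.get(COOKIE_NAME)
        if sid is not None and sid in self.store:
            # The ID was issued by this server earlier: load a working copy.
            return RequestSession(self, sid, dict(self.store[sid]))
        # Missing or unknown ID: ignore it completely; nothing is created yet.
        return RequestSession(self, None, {})


class RequestSession:
    def __init__(self, manager, sid, data):
        self.manager, self.sid, self.data = manager, sid, data
        self.dirty = False

    def get(self, key, default=None):
        return self.data.get(key, default)  # reads never create a session

    def set(self, key, value):
        self.data[key] = value  # buffered in memory until end()
        self.dirty = True

    def end(self):
        """Finish the request: at most one store write; returns cookies to set."""
        if not self.dirty:
            return {}  # stateless request: no store write, no cookie
        new_cookie = {}
        if self.sid is None:
            # First write: the server generates the ID, never the client.
            self.sid = secrets.token_urlsafe(32)
            new_cookie = {COOKIE_NAME: self.sid}
        self.manager.store[self.sid] = dict(self.data)
        return new_cookie
```
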

Assignee

Unassigned

Reporter

Dominic Watson

Labels

None

Accepted

Yes

Fix versions

Priority

Medium