Coldfusion session variables: How big is too big?

TechBoyJK

Lifer
Oct 17, 2002
16,699
60
91
Hi Guys,

I'm working on a form, and for design/programmatic reasons I need to contain in a session variable as much as 100,000 characters (would be code for a webpage). It would only be temporary and probably not held for more than 10 minutes, but most likely for less than a minute. It's simply held in session in passing a form where people use CKeditor to make a webpage. The page itself needs to be rendered in an individual iFrame, and I can't pass form variables to that iframe.

Question is.. How big is too big? I know that the theoritical limit is going to be based on server memory.
 
 

TechBoyJK

Lifer
Oct 17, 2002
16,699
60
91
Also.. would there be any impact if the session variable that was huge was stored in a cookie versus server memory? it'd be easier on my server, but I don't know if there are any problems with large cookies.
 

KIAman

Diamond Member
Mar 7, 2001
3,342
23
81
I'm not a fan of using session variables but if you must use them, 100,000 characters is not that bad. Just make sure you provide session cleanup rather than letting the server do it.

This situation could be complicated if your application has mutliple concurrent users because each user will spawn their own session object.

If you really want to get technical, you can calculate the average size of the session in memory and multiply it with the max concurrent users you are allowing and keep it well within how much memory is installed on the webserver.

Edit: Session is on the server, cookies on clients. Session persist until timeout or cleanup. Cookies persist until client deletes them. I believe cookies have a size limit so I would check on that before going that route.
 
Last edited:

TechBoyJK

Lifer
Oct 17, 2002
16,699
60
91
I'm not a fan of using session variables but if you must use them, 100,000 characters is not that bad. Just make sure you provide session cleanup rather than letting the server do it.

This situation could be complicated if your application has mutliple concurrent users because each user will spawn their own session object.

If you really want to get technical, you can calculate the average size of the session in memory and multiply it with the max concurrent users you are allowing and keep it well within how much memory is installed on the webserver.

Edit: Session is on the server, cookies on clients. Session persist until timeout or cleanup. Cookies persist until client deletes them. I believe cookies have a size limit so I would check on that before going that route.

Thanks. Yea, I planned on deleting the session variable immediately after it is processed rather than waiting on standard end of session cleanup to wipe it out. This would be the only instance of a session variable being of any significant size, and it would only really be held as a passthrough.. meaning it might only be held in session state for a few seconds, if maybe a minute. So unless every user is validating a webpage they made at the exact same time, there shouldn't be too much impact.
 

TechBoyJK

Lifer
Oct 17, 2002
16,699
60
91
Honestly, I've got my cfapplication tag setup to store session state in cookies anyway, so i don't see how it would affect my server. It would just create a large cookie.