SessionRotate

Last update:

May 18, 2026

Description

Renews the session when started. For example, you want to generate a new session after a successful login. It prevents session attacks, because the session before and after a successful authentication is different.The method,

Creates a session
Copies the data from the old session to the new session
Invalidates the old session
Invalidates or overwrites the old session cookies
Creates new session cookies if the old session cookies are invalidated
Copies and updates client storage data to new session keys

Note: Does not rotate jsessionid when JEE sessions are enabled. This only works with ColdFusion sessions (CFID, CFTOKEN).

Returns

None

Syntax

SessionRotate()

History

ColdFusion 10: Added this function.

Parameters

None

Usage

Use this function to rotate the session.

Example

Application.cfc

<cfcomponent> 

 <cfset this.sessionManagement = true /> 

 <cfset this.name = "session_app" /> 

 </cfcomponent>

sessionRotate.cfm

<cfif isDefined("url.rotate") > 

 <cfset sessionRotate()/> 

 </cfif> 

 <cfif isDefined("url.name") > 

 <cfset session.name = url.name /> 

 </cfif> 

 <cfdump var="#session#" label="SESSION"> 

 <cfoutput> 

 <a href="sessionRotate.cfm?name=BOB">Set session.name = BOB </a> <br/> 

 <a href="sessionRotate.cfm?rotate=TRUE">Rotate the session</a> 

 </cfoutput>

Was this page helpful?

We're glad. Tell us how this page helped.

Found the answer to my problem Understood the instructions Liked the feature

Other suggestions

We're sorry. Can you tell us what didn't work for you?

Didn't find the answer to my problem Couldn't understand the instructions Didn't like the feature

Other suggestions

Thank you for your feedback. Your response will help improve this page.

Was this helpful?

We are sorry the content didn't meet your needs.

Share additional feedback to help us improve.

0/255 | Character limit exceeded.

Thank you so much for sharing your feedback!