Avoid locking of session variables

In most of our applications, session variables are just used for holding a structure with security information (aka securitycontext). As locking is essential (and not locking can lead to some terrible headache) all readings and writes must be protected (especially if race conditions could occur).
So our approach is to copy the securitycontext on each request into the request scope using the following code:
Application.cfc / onRequest

cflock scope="session" timeout="30" type="readonly"
cfset a_struct_securitycontext=" Duplicate(session.a_struct_securitycontext)"
/cflock

(Of course a check is needed if the securitycontext exists at all ;-)).
Explanation:
Using this way the structure can be accessed without any locking - very important to mention is the Duplicate function because we want a deep copy and not just a reference to the original structure. Be aware of this fact, because the request structure will not change until the next request is executed!