Not sure if anyone answered this, I've been out of town. I'll give it a
shot in case no-one has...
First, basically all your first bit of code is doing is rewriting the
CFID/CFTOKEN cookies without a specified timeout. This causes the browser
to not write them to disk, and instead only keep the in memory. Since they
are only in memory on the client, once the browser is closed, they are
destroyed. The code bit I listed in my email does exactly the same thing,
only with less code and variable reads and writes. In my opinion it also
looks cleaner.
The second bit of code you have essentially cleans out the client variables
for a particular client who's reached the timeout. If you took the time to
write your CFID/CFTOKEN cookies to timeout in 30 minutes, yes it would be
redundant. I would recommend leaving it in though, even if it's redundant.
When logging people out of a website, I typically like to err on the side of
caution, deleting all variables, resetting cookies, etc...
-Cameron
--------------------
Cameron Childress
elliptIQ Inc.
p.770.460.1035.232
f.770.460.0963
--
http://www.neighborware.com
America's Leading Community Network Software
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 26, 2001 3:50 PM
> To: CF-Server
> Subject: RE: Using CFAPP and inactive interfaces...
>
>
> I am using some code that Hal Helms recommends, but now I am sort of
> confused about cookies,
>
> In one action page which checks a user's login I use
>
> <cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
> <cfset cfid_local = Cookie.CFID>
> <cfset cftoken_local = Cookie.CFTOKEN>
> <cfcookie name="CFID" value="#cfid_local#">
> <cfcookie name="CFTOKEN" value="#cftoken_local#">
> </cfif>
>
> As I understand it, this destroys the cookies when the browser closes, as
> they are kept in memory of the client, not written to the disk.
> Could I just
> change my code to check for existence of client.CFID/CFTOKEN and
> as you say,
> timeout the client and server when the time limit is reached?
>
> I also use this code to clean out all client variables automatically, is
> this redundant?
>
> <!--- This code deletes client variables after 30 minutes
> --->
> <cfparam name="attributes.TimeOut" default="30">
>
> <cfif DateDiff("n",client.LastVisit,Now()) GTE attributes.TimeOut>
> <cfloop index="var" list="#GetClientVariablesList()#">
> <cfset tmp = DeleteClientVariable(var)>
> </cfloop>
> </cfif>
>
> -----Original Message-----
> From: Cameron Childress [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 26, 2001 3:15 PM
> To: CF-Server
> Subject: RE: Using CFAPP and inactive interfaces...
>
>
> > Thanks Mark! That's exactly what I was looking for! Code
> > examples! Anyone have anymore they would like to share?
>
> I have an alternative to Mark's suggestion I would like to
> suggest. If you
> set "setclientcookies" to "No", you don't need the cfif statement because
> then you can just set them manually.
>
> You can also set the EXPIRES attribute of the cookies if you want to time
> them out in synch with your session/client timeout limit. That way, for
> example, you can have the client *AND* server effectively timout
> at the same
> time.
>
> Also, I don't think he meant it this way, but just in case you
> took it this
> way, Mark's example shows how you would use session AND client
> variables in
> the same app, which I have never seen a good reason to do.
>
> Lasty, I hvaen't been folling the thread, so feel free to shoot me if it's
> already been discussed, but I would not store client vars in cookies as
> Mark's example code showed unless you have a really good reason.
>
> <cfapplication
> name="app_name"
> clientmanagement="Yes"
> setclientcookies="No"
> applicationtimeout="#createtimespan(2,0,0,0)#">
>
>
> <cfcookie name="cfid" value="#client.CFID#">
> <cfcookie name="cftoken" value="#client.cftoken#">
>
>
> --------------------
> Cameron Childress
> elliptIQ Inc.
> p.770.460.1035.232
> f.770.460.0963
> --
> http://www.neighborware.com
> America's Leading Community Network Software
>
>
>
>
>
> > -----Original Message-----
> > From: Roberts, William C [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 26, 2001 2:46 PM
> > To: CF-Server
> > Subject: RE: Using CFAPP and inactive interfaces...
> >
> >
> >
> > Thanks Mark! That's exactly what I was looking for! Code
> > examples! Anyone
> > have anymore they would like to share?
> >
> > William C. Roberts
> > Engineering Resource Services
> > The Boeing Company
> >
> >
> >
> > -----Original Message-----
> > From: Mark Stewart [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 26, 2001 9:46 AM
> > To: CF-Server
> > Subject: RE: Using CFAPP and inactive interfaces...
> >
> >
> > I use this method to kill a users session when they close their browser:
> >
> > <cfapplication
> > name="app_name"
> > clientmanagement="Yes"
> > sessionmanagement="Yes"
> > setclientcookies="Yes"
> > clientstorage="cookie"
> > applicationtimeout="#createtimespan(2,0,0,0)#"
> > sessiontimeout="#createtimespan(0,0,35,0)#">
> >
> > ...
> >
> > <cfif isdefined("cookie.cfid") and isdefined("cookie.cftoken")>
> > <cfset cfid_local = cookie.cfid>
> > <cfset cftoken_local = cookie.cftoken>
> > <cfcookie name="cfid" value="#cfid_local#">
> > <cfcookie name="cftoken" value="#cftoken_local#">
> > </cfif>
> >
> > This works like a charm.
> >
> > Mark
> >
> > -----Original Message-----
> > From: Suzanne Capener [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 25, 2001 3:32 PM
> > To: CF-Server
> > Subject: RE: Using CFAPP and inactive interfaces...
> >
> >
> > In coldfusion, when using session variables, closing
> > the browser DOES NOT end the session. The best way is
> > to determine a timeout and then coldfusion will
> > automatically end the session after the user has been
> > inactive for that "timeout" period. this timeout can
> > be set by your application. If the timeout is not set
> > by your application, then the timeout will be set to
> > the default timeout set in ColdFusion administrator.
> >
> > If you want to explicitly kill there session, then
> > clear the session struct.
> > There is a way to kill the session when the user
> > closes the browser as well.
> >
> > --- "Roberts, William C"
> > <[EMAIL PROTECTED]> wrote:
> > >
> > > So if I'm using authentication via the Web server,
> > > then how do I kill their
> > > login to the Web server? The only way I know of
> > > killing it is by closing the
> > > browser window. Any ideas? Please help a "newbie"
> > > on this subject.
> > > Thanks!
> > >
> > > > -----Original Message-----
> > > > From: Justin Buist
> > > [mailto:[EMAIL PROTECTED]]
> > > > Sent: Tuesday, July 24, 2001 12:58 PM
> > > > To: CF-Server
> > > > Subject: Re: Using CFAPP and inactive
> > > interfaces...
> > > >
> > > >
> > > > I'm assuming you are using 20 minutes because
> > > that's what
> > > > session variables time out at by default...
> > > >
> > > > So... just check for the existence of the session
> > > variable(s)
> > > > you set when they do login at the top of all pages
> > > which
> > > > really need it. If they navigate to a page that
> > > needs them
> > > > to be logged in redirect them to the login page
> > > with
> > > > instructions that they sat idle too long.
> > > >
> > > > For the love of God don't try and close down an
> > > application
> > > > on the user's desktop just because they sat idle
> > > too long.
> > > >
> > > > Justin Buist
> > > > Trident Technology, Inc.
> > > > 4700 60th St. SW, Suite 102
> > > > Grand Rapids, MI 49512
> > > > Ph. 616.554.2700
> > > > Fx. 616.554.3331
> > > > Mo. 616.291.2612
> > > >
> > > > On Tue, 24 Jul 2001, Roberts, William C wrote:
> > > >
> > > > >
> > > > > Please help!
> > > > >
> > > > > Anyone have any good examples of using
> > > cfapplication to
> > > > automatically
> > > > > close the browser window after 20 minutes of
> > > inactivity?
> > > > >
> > > > > This is what I have so far:
> > > > >
> > > > > 1. Authentication is handled via the Web server
> > > so I have
> > > > > #REMOTE_USER# available to me.
> > > > >
> > > > > 2. If someone navigates my app after the timeout
> > > period (say 20
> > > > > minutes) I would like the following code below
> > > to run...
> > > > > ==========================================> >
> > > <script
> > > language="JavaScript"><!--
> > > > > alert('You do not have an active\nconnection
> > > with the
> > > > System.\n\nThis
> > > > > may be due to\n20+ minutes of inactivity.\n\nIf
> > > you wish to
> > > > continue
> > > > > working,\nplease login again.'); self.close( );
> > > > > //--></script>
> > > > > <cfabort>
> > > > > ==========================================> >
> > > > > I need help ASAP! Anything would be greatly
> > > appreciated! Thanks!
> > > > > Bill
> > > > >
> > > > >
> > > >
> > >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
