> unauthenticated users and parts are not. In my cflogin I'm
> looking at whether the user's request should be authenticated
> or not. The issue I've run into is when the user's session
> times out while they're using the app, and the next click is
> for an unauthenticated area. Rather than have the user
> continue to the unauthenticated area and receive the public
> navigation bar (as opposed to the authenticated navigation)
> I'd like the user to be forwarded to the login screen.
>
> In the list archives there's an exchange about wanting an
> ASP-style OnEndSession event and how that doesn't really
> exist in CF. Assuming that's still true, does anyone have a
> workaround? One thing that comes to mind is letting the user
> know their session is timing out via popup.
> The other option might be appending a URL parameter whenever
> the user is logged in. The logic in the cflogin would see
> that the user isn't logged in and that the URL parameter says
> they were and therefore the user should be directed to the
> login screen rather than the public area they were requesting.
I would probably use a cookie instead of a URL parameter, but in general,
your idea about having a separate token for previously authenticated users
is how I think I'd handle the situation, if I wanted the same outcome as
you.
But why not just let the user decide that for herself? You can let the user
know when logging in how long a session will last, and document what happens
when a session ends, so that the user can choose to login again if that's
appropriate, or skip it if it's not necessary. I realize that this might not
be appropriate for your situation; I'm just throwing it out there as a
possibility.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
