way to handle this is to simply clear out session vars when cflogout
is called, or inside the cflogin pair.
Also, in CFMX 6.1, you _can_ tie CFLOGIN to the session scope. Just
use the new loginstorage attribute of cfapplication.
On Thu, 22 Jul 2004 10:52:05 -0400, Jeff Small <[EMAIL PROTECTED]> wrote:
> In the livedocs for cflogin, it says the following:
>
> After a user logs in, the ColdFusion user authorization and authentication
> information remains valid until any of the following happens:
> 1. The login times out. This happens if the user does not request a new page
> for the idleTimeout period.
> 2. The application uses a cflogout tag to log out the user, usually in
> response to the user clicking a logout link or button.
> 3. The user closes the browser.
>
> What happens to any session variables that are created along with
> cfloginuser? If, after I login a user, I create a structure and assign it
> various values at login, what are my best ways to ensure that the session
> variables mimic the behavior above? Keep in mind that I'm using default
> cflogin values, so the idleTimeout value is defaulted to 30 minutes. Do I
> have to make sure that my sessions only last 30 minutes? And if I set my
> sessions to timeout at 30 minutes to match the idleTimeout setting on the
> cflogin, is there any way they can get "out of synch", leaving a hole? I
> just want to make sure that I'm clear on the differences between "session"
> variables, and a "session" that's created by cfloginuser, and the livedocs
> can get confusing sometimes...
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
