- Calvin
-----Original Message-----
From: Raymond Camden
Date: 7/22/04 12:13 pm
To: CF-Talk
Subj: Re: CFLogin/Logout and session variables...
CFLogin authorization is not tied to sesison variables in any way. One
way to handle this is to simply clear out session vars when cflogout
is called, or inside the cflogin pair.
Also, in CFMX 6.1, you _can_ tie CFLOGIN to the session scope. Just
use the new loginstorage attribute of cfapplication.
On Thu, 22 Jul 2004 10:52:05 -0400, Jeff Small <[EMAIL PROTECTED]> wrote:
> In the livedocs for cflogin, it says the following:
>
> After a user logs in, the ColdFusion user authorization and authentication
> information remains valid until any of the following happens:
> 1. The login times out. This happens if the user does not request a new page
> for the idleTimeout period.
> 2. The application uses a cflogout tag to log out the user, usually in
> response to the user clicking a logout link or button.
> 3. The user closes the browser.
>
> What happens to any session variables that are created along with
> cfloginuser? If, after I login a user, I create a structure and assign it
> various values at login, what are my best ways to ensure that the session
> variables mimic the behavior above? Keep in mind that I'm using default
> cflogin values, so the idleTimeout value is defaulted to 30 minutes. Do I
> have to make sure that my sessions only last 30 minutes? And if I set my
> sessions to timeout at 30 minutes to match the idleTimeout setting on the
> cflogin, is there any way they can get "out of synch", leaving a hole? I
> just want to make sure that I'm clear on the differences between "session"
> variables, and a "session" that's created by cfloginuser, and the livedocs
> can get confusing sometimes...
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
