>>
>> <cfset session.user_id = someVALUE>
>>
>> What's the "best practice" way for killing this when the user
>> closes his browser or leaves the secured area?
>
>You can disconnect a user's session data from that user's browser by making
>the session identification cookies into session cookies. Session cookies are
>destroyed when the browser is closed. If you enable J2EE Sessions within the
>CF Administrator, this will be the default behavior. If you're using CFID
>and CFTOKEN cookies, you'll have to do this yourself:
>
><cfapplication setclientcookies="no" ...>
>
><cfif not IsDefined("Cookie.CFID")>
> <cfcookie name="CFID" value="#Session.CFID#">
> <cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
></cfif>
>
>The preceding code would go into Application.cfm. The omission of an EXPIRES
>attribute in the CFCOOKIE tag makes the cookie last only until the browser
>is closed. It's also worth noting that this doesn't actually delete the
>session variables, it just breaks the connection between them and the user
>to whom they belonged.
Interestingly, I just posted about this very code:
http://www.houseoffusion.com/cf_lists/messages.cfm/threadid=34869&forumid=4
I'm hearing reports that some of the people who install my app that includes this (only a few) are getting a CF error.
Ideas?
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
