I THINK I've got to the bottom of this..

A while back, the client asked for sessions to be expired when the user
closed their browser. Enter J2EE session management. Et Voila!

However, although the sessions were expiring properly, CFID and CFToken
were persistent as they were stored in the user's cookie. The users must
have all been given a link to the site with the CFID and CFToken in them
some time in the past. So, they all assumed the same identity.

Now, cos they all had the same identity as they were navigating across
the site they would notice their user name change.. "How curious" they
would think and then click the little logout button thus expiring the
session.. But not just their session.. They log back in, get their
username displayed and then user B would see user A's name and then
logout.. and on, and on.

Solution.. DON'T SEND LINKS OUT WITH CFID IN THE URL AND MAKE SURE
SEARCH ENGINES DON'T GET THEM EITHER !!!

And..

I implemented a Macromedia fix to force CFID and CFToken to not persist
in the same way that JSessionID doesn't persist. Next time the user
closes their browser they get a fresh CFID and TOKEN - Sooorted !!

http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17915

So, in conclusion, sessions weren't prematurely expiring; it was down to
cookies.

Thanks everyone for your comments.

Martin Parry
Macromedia Certified Developer
http://www.BeetrootStreet.co.uk


-----Original Message-----
From: Jared Rypka-Hauer - CMG, LLC [mailto:[EMAIL PROTECTED] 
Sent: 11 March 2005 03:07
To: CF-Talk
Subject: Re: Session question

To your original question... every click resets the session timer. It
only times out IF they have not committed an action (link, form post,
etc.) after the timeout value. And you can use
sessiontimeout="#createTimeSpan(0,0,30,0)#" in your cfapplication tag
to change that from 1000 days (bad idea) to 5 minutes (probably not
the best idea either) or anywhere in between.
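
An added example, not part of either message above: one way to spot the shared-identity problem described in the first message is to look in the web server's access log for a CFID/CFToken pair that arrives in the URL from several different clients. The log format, the sample lines and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (client IP, request line); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 "GET /index.cfm?CFID=1001&CFTOKEN=11111111 HTTP/1.1"
203.0.113.10 "GET /account.cfm?cfid=1001&cftoken=11111111 HTTP/1.1"
198.51.100.7 "GET /index.cfm?CFID=1001&CFTOKEN=11111111 HTTP/1.1"
192.0.2.44 "GET /news.cfm?page=2&CFID=1001&CFTOKEN=11111111 HTTP/1.1"
192.0.2.45 "GET /index.cfm?CFID=2002&CFTOKEN=22222222 HTTP/1.1"
192.0.2.46 "GET /index.cfm HTTP/1.1"
"""

# Assumed line format: <client-ip> "<METHOD> <url> HTTP/<version>"
LINE_RE = re.compile(r'^(?P<ip>\S+) "(?:GET|POST|HEAD) (?P<url>\S+) HTTP/[\d.]+"$')

def url_identifiers(url):
    """Return (CFID, CFTOKEN) taken from a URL query string, or None if absent."""
    query = parse_qs(urlsplit(url).query)
    # CFML variable names are case-insensitive, so normalise the keys.
    params = {key.lower(): values[0] for key, values in query.items()}
    if "cfid" in params and "cftoken" in params:
        return params["cfid"], params["cftoken"]
    return None

def shared_identifiers(log_text, min_clients=2):
    """Map each URL-borne (CFID, CFTOKEN) pair to the client IPs that sent it,
    keeping only pairs seen from at least min_clients distinct addresses."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that are not in the assumed format
        ident = url_identifiers(match.group("url"))
        if ident:
            clients[ident].add(match.group("ip"))
    return {k: sorted(v) for k, v in clients.items() if len(v) >= min_clients}

if __name__ == "__main__":
    for (cfid, token), ips in shared_identifiers(SAMPLE_LOG).items():
        print(f"CFID={cfid} CFTOKEN={token} sent by {len(ips)} clients: {', '.join(ips)}")
```

Distinct client IPs are only a proxy for distinct users, so a hit is a prompt to check where the link carrying that pair was published.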

