That doesn't make any sense. What do you do when a user comes to the site for the first time? Clearly there must be logic somewhere the checks whether a session has been set up and sets up one up if there isn't one. Why wouldn't the same logic run after the user's session is cleared?
On 8/3/07, James Smith <[EMAIL PROTECTED]> wrote: > > Simple... > > While structClear(session) will wipe all of the session data it will also > remove the sessionid, cftoken and urltoken so the very next page that > tries > to access any session information will error. > > I can (and currently do) manually clear individual keys from the session > when the user clicks on logout but I can imagine a situation where in 12 > months some other developer stored some new info in the session scope that > isn't being deleted on logoff and causes a debugging problem as the > application breaks. > > If you could force a user to get a new session ID you could forget about > any > data left in the old session because it would no longer be in use, add to > this the fact that the new session would run the onSessionStart() function > and initialise all the variables again and you can surely see why this is > much easier than manually deleting some data then reinitializing some vars > by hand. > > -- > Jay > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Enterprise web applications, build robust, secure scalable apps today - Try it now ColdFusion Today ColdFusion 8 beta - Build next generation apps Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285350 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
