> i am developing the admin section for my client site and is having a
> problem with killing the login sessin. Users has to login to the
> admin section. My problem after the user has login in, but if they
> close the broswer without logging out first, and then reopen the
> browser, it will bring the page which he/she was working on without
> asking the user to sign on again. It looks like it did not kill
> the session when the user close the browser.
To ensure that the user has to log in after having closed the browser and
reopened it, you need to use "session" cookies instead of persistent
cookies. By default, the cookies that CF creates for session management are
persistent cookies.
To create "session" cookies, you can write them manually yourself in
Application.cfm, with the CFCOOKIE tag:
<cfif not IsDefined("Cookie.CFID")>
<cflock scope="session" type="readonly" timeout="2">
<cfcookie name="CFID" value="#Session.CFID#">
<cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
</cflock>
</cfif>
When you leave off the EXPIRES parameter, the CFCOOKIE tag will create
non-persistent cookies.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
