I think this technique assumes the entire site is protected and the user
must be logged in to see any of it. What if part of the site is unprotected
and part is? This is the situation I'm in. How do you let the user log out
of the protected area and still browse the unprotected area as "anonymous"?
I can kill the session variables but the CFID/CFTOKEN session vars are
retained in memory and don't go away until the user has closed the
application.
Any suggestions how to log out in this situation? Does setting these two
session vars to "" do it? Advisable?
----- Original Message -----
From: "Ledwith, Brian" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 11, 2001 11:35 AM
Subject: RE: Client Variables NOT expiring
> Stephen-
>
> To kill a users session, and clean everything up, I have a logout page
with
> the following:
>
> <cfset client.userid = 0>
> <cfset client.parentid = 0>
> <cfset client.useridtypes = "">
> <cfset DeleteClientVariable("E_ID")>
> <cfset DeleteClientVariable("D_ID")>
> <cfset DeleteClientVariable("S_ID")>
> <cfset DeleteClientVariable("I_List")>
> <cfset DeleteClientVariable("Co_List")>
> <cfset DeleteClientVariable("Cl_List")>
> <cfset DeleteClientVariable("VPN")>
> <cfcookie name="VISITORID" value="" expires="NOW">
> <cfcookie name="CFID" value="" expires="NOW">
> <cfcookie name="CFTOKEN" value="" expires="NOW">
> <cfcookie name="CFMAGIC" value="" expires="NOW">
>
> ....and then use Dan G. Switzers "cf_location" to kick the user to a "You
> have logged out". I think I got it from the dev exchange...
>
> <cf_location url="Goodbye.cfm?RN=#CreateUUID()#" addtoken="NO">
>
> The next user is then able to log into a completly fresh environment. May
> seem excessive, but we have multiple unique users acessing the site from
the
> same computer (teachers and students in a school PC lab).
>
> HTH,
> ~bgl
>
>
>
>
> -----Original Message-----
> From: Stephen R. Cassady [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 12:03 PM
> To: CF-Talk
> Subject: RE: Client Variables NOT expiring
>
>
> Dylan Bromby
> [EMAIL PROTECTED]
>
>
> Dylan;
> Sorry - but for some strange reason I have not yet received your first
> reply! In any case - I will go play with DeleteClientVariable(), though
what
> I really need is for the CFID and CFTOKEN cookies to disappear form the
> client browser. They seem to "remain". So, I close my browser, but on
return
> to the site - the system still knows my CFID and CFTOKEN! As far as I can
> tell - this shouldn't be happening. It's a security issue that I need to
> overcome.
>
> Thank you for your time,
> Stephen R. Cassady
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Dylan Bromby [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 9:40 AM
> To: [EMAIL PROTECTED]
> Cc: 'Stephen R. Cassady'
> Subject: RE: Client Variables NOT expiring
>
>
> i sent a reply to this yesterday. have you tried the
DeleteClientVariable()
> function?
>
> -----Original Message-----
> From: Stephen R. Cassady [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 8:18 AM
> To: CF-Talk
> Subject: Client Variables NOT expiring
>
>
>
> I'm having the darnedest time trying to delete client files on browser
close
> or after a period of time. I'm even trying to follow Hal Helms great
> "Tracking State Management with Cold Fusion" to run this correctly. Even
> running the code below - the CFID and CFTOKEN are exactly the same, and
are
> unforgotten. They are supposed to disappear, but they don't!
>
> Here's a chuck of my application file:
>
>
> <!--- Application Settings --->
> <cfapplication name="thisapplication" clientmanagement="Yes"
> sessionmanagement="Yes" setclientcookies="Yes"
> sessiontimeout="#CreateTimeSpan(0,0,20,0)#"
> clientstorage="thisapplication_Client">
>
>
> <!--- Expire the Client Variables when the browser closes --->
> <CFIf IsDefined("cookie.CFID") AND Isdefined("cookie.CFTOKEN")>
> <CFSET localCFID = Cookie.CFID>
> <CFSET localCFTOKEN = Cookie.CFTOKEN>
> <CFCOOKIE name="CFID" value="#localCFID#">
> <CFCOOKIE name="CFTOKEN" value="#localCFTOKEN#">
> </CFIF>
>
>
> <!--- Expire the Client Variables on 5 minutes --->
> <CFPARAM NAME="CLIENT.CheckLastVisit"
DEFAULT="#CreateODBCDateTime(Now())#">
> <CFSET Compare = DateCompare(DateAdd("n", "-5",
CreateODBCDateTime(Now())),
> CLIENT.CheckLastVisit)>
> <CFIF Compare IS NOT 1>
> <CFSCRIPT>StructClear(Session);</CFSCRIPT>
> <CFCOOKIE NAME="CFID" VALUE="0" EXPIRES="NOW">
> <CFCOOKIE NAME="CFTOKEN" VALUE="0" EXPIRES="NOW">
> <CFELSE>
> <CFSET CLIENT.CheckLastVisit = CreateODBCDateTime(Now())>
> </CFIF>
>
>
> Help!!!!!!!!!!!!!!!!!
>
> Stephen R. Cassady
> [EMAIL PROTECTED]
> http://www.tallylist.com
>
>
>
> Archives: http://www.mail-archive.com/[email protected]/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
