Actually, now that I think about it. Use a logout.cfm page to clear the session variables, and put this at the top of that page.
<script language="JavaScript"> window.history.forward(1); </script> Then at the bottom of the logout page use cflocation to go to the index or something. If they click back, it will shoot them forward again. But they still have access to the little drop down back menu, so they could go back 3 or 4 pages, so it's not *totally* secure. The only way I can think of is to include something like: window.history.forward(20); To the top of each page, this they couldn't go back at all anywhere in your site. (20 pages deep anyways) ______________________ steve oliver atnet solutions, inc. http://www.atnetsolutions.com -----Original Message----- From: Steve Oliver [mailto:[EMAIL PROTECTED]] Sent: Friday, February 15, 2002 1:13 AM To: CF-Talk Subject: RE: simple question - how do you manually time out a session variable I use the location.replace() function on my logout page. That works well, but isn't supported by older browsers. So you can use if document.images to test it. On the logout page: <script language="javascript"> If (document.images) location.replace('http://yourserver.com/index.cfm'); Else location.href = 'index.cfm'; </script> ______________________ steve oliver atnet solutions, inc. http://www.atnetsolutions.com -----Original Message----- From: Nathan Chen [mailto:[EMAIL PROTECTED]] Sent: Friday, February 15, 2002 12:58 AM To: CF-Talk Subject: Re: simple question - how do you manually time out a session variable I guess, after solving the killing session issue, my next problem is how to prevent or stop users from clicking the "Back" button in the browser and getting back to the system after they logout. I know this is an old issue and someone has mentioned this before, but I didn't keep those messages. Can someone give me a pointer on how to disable the "Back" button? Thans a lot. Nathan ----- Original Message ----- From: "Steve Oliver" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, February 14, 2002 10:15 PM Subject: RE: simple question - how do you manually time out a session variable > Why keep the session if there's nothing in it :) > > Dropping the session will log them out. > > If he's tracking loggedin status by isDefined("SESSION.loggedin"), he'd > have to go through and add AND len(SESSION.loggedin) since your way just > sets them to "". > > ______________________ > steve oliver > atnet solutions, inc. > http://www.atnetsolutions.com > > > -----Original Message----- > From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 14, 2002 11:51 PM > To: CF-Talk > Subject: Re: simple question - how do you manually time out a session > variable > > > Steve's dumps the session totally and my example keeps the session, but > drops anything in it. > > Paul Giesenhagen > QuillDesign > http://www.quilldesign.com > SiteDirector - Commerce Builder > ----- Original Message ----- > From: "Nathan Chen" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Thursday, February 14, 2002 10:48 PM > Subject: Re: simple question - how do you manually time out a session > variable > > > > Thank you, Paul and Steve, for your help. > > > > > > ----- Original Message ----- > > From: "Paul Giesenhagen" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Thursday, February 14, 2002 9:31 PM > > Subject: Re: simple question - how do you manually time out a session > > variable > > > > > > > If you are wanting the session to END, just > > > > > > <cfset session.sessionname = ""> > > > > > > (Wrap it in cflock EXCLUSIVE) > > > > > > Paul Giesenhagen > > > QuillDesign > > > http://www.quilldesign.com > > > SiteDirector - Commerce Builder > > > > > > > > > > Hi,All: > > > > > > > > I know you can set time out for a session variable by changing the > > > > default value in CF administration, but can you time out a session > > > > variable manually? For example, if the user clicks a button > called > > > > "logout", then the next page sets the session expire or time out. > > > > > > > > > > > > Nathan > > > > > > > > > > > > > > > ______________________________________________________________________ Why Share? Dedicated Win 2000 Server � PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation � $99/Month � Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
