Nathan, You can override the server's default session timeout value by using cfapplication and the tag's sessiontimeout attribute. Besides the server default timeout, there's also a maximum timeout value set at the server level. If you want to set it much higher than 20 minutes, you probably want to find out from the server's administrators what the maximum value is.
You _could_ control how long a user can stay on the site, though. Just set a session variable with the login time. As part of your authentication security, compare the current time against the login time and kick the user off if they've overstayed. If that was was what you had in mind. "If the session expires, then the users can't go anywhere." Usually, you display a message telling the user that they're not logged in and direct them back to the login screen, allowing them to login again. The only time I can see a problem with that is if you were to set a relatively low session timeout, and the session times out while the user is filling in a form. Jim ----- Original Message ----- From: "Nathan Chen" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Sunday, February 17, 2002 10:50 PM Subject: Session variable vs. other variables > Hi, All: > > I have a program that requires user login(username, password). After > the users log in the system, I use a session variable to store the users > IDs and other users' data to determine whether they are allowed to visit > certain pages. I don't have the control over how long the users can > stay in the site, and I don't have the control over the setting of > session variable expiration time on CF server(I don't host the system). > As you know the session variable expires after certain period of time, > e.g. 20 minutes set by CF server as default. If the session expires, > then the users can't go anywhere. I don't want them to experience such > situation either. I suspect I shouldn't use session variable at all. > Is cookie a better choice in this case? How do you guys do when dealing > with such situation? Any idea is appreciated. > > Nathan Chen ______________________________________________________________________ Why Share? Dedicated Win 2000 Server � PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation � $99/Month � Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
