Jim, Thank you very much for the information. nathan
----- Original Message ----- From: "Jim McAtee" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Sunday, February 17, 2002 11:16 PM Subject: Re: Session variable vs. other variables > Nathan, > > You can override the server's default session timeout value by using > cfapplication and the tag's sessiontimeout attribute. Besides the server > default timeout, there's also a maximum timeout value set at the server > level. If you want to set it much higher than 20 minutes, you probably want > to find out from the server's administrators what the maximum value is. > > You _could_ control how long a user can stay on the site, though. Just set > a session variable with the login time. As part of your authentication > security, compare the current time against the login time and kick the user > off if they've overstayed. If that was was what you had in mind. > > "If the session expires, then the users can't go anywhere." > > Usually, you display a message telling the user that they're not logged in > and direct them back to the login screen, allowing them to login again. The > only time I can see a problem with that is if you were to set a relatively > low session timeout, and the session times out while the user is filling in > a form. > > Jim > > > ----- Original Message ----- > From: "Nathan Chen" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Sunday, February 17, 2002 10:50 PM > Subject: Session variable vs. other variables > > > > Hi, All: > > > > I have a program that requires user login(username, password). After > > the users log in the system, I use a session variable to store the users > > IDs and other users' data to determine whether they are allowed to visit > > certain pages. I don't have the control over how long the users can > > stay in the site, and I don't have the control over the setting of > > session variable expiration time on CF server(I don't host the system). > > As you know the session variable expires after certain period of time, > > e.g. 20 minutes set by CF server as default. If the session expires, > > then the users can't go anywhere. I don't want them to experience such > > situation either. I suspect I shouldn't use session variable at all. > > Is cookie a better choice in this case? How do you guys do when dealing > > with such situation? Any idea is appreciated. > > > > Nathan Chen > ______________________________________________________________________ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation � $99/Month � Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
