> session variables are automatically deleted when the browser
> is closed. That is their nature.
No, they're not. The server doesn't know when the browser is closed. It only
knows that some period has passed since the last request from that browser.
Also, by default, the cookies created by CF are persistent, so if you open
your browser, go to a site that issues CFID and CFTOKEN cookies, run some
code that manipulates your session data, close your browser and then reopen
it right away, your session data will be intact.
If you want to disconnect a browser from the session data before the session
times out, you have to ensure that the cookies aren't returned by that
browser. Typically, you do this by creating "session" cookies, which are
nonpersistent. You can do this with the CFCOOKIE tag by omitting the EXPIRES
attribute:
<!--- all of this goes in Application.cfm --->
<cfapplication name="foo" setclientcookies="false" sessionmanagement="true"
..>
<cfif not IsDefined("Cookie.CFID")>
<cflock scope="Session" type="readonly" ...>
<cfcookie name="CFID" value="#Session.CFID#">
<cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
</cflock>
</cfif>
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
