> So far my code looks like this in application.cfm after some
> thought over the last hour.
>
> <cfif NOT isdefined('session.cid')>
> <cfapplication name="protect"
> sessionmanagement="yes"
> sessiontimeout="#createtimespan(0,0,0,0)#">
> </cfif>
>
> <cfapplication name="protect"
> clientmanagement="yes"
> sessionmanagement="yes">
>
> But ding dang dong, its still not working:( Any ideas?
This code isn't a good idea. You want your CFAPPLICATION tag to be the same
for every page within the application, no matter what.
> Hi, I'm having a problem using session variables. They are
> set to time out at 120 (2 hours).
>
> However if someone does NOT close his browser and then they
> try to come back to the site after a couple of hours, they
> get an error message.
>
> Is there a way to flush and totally expire session variables
> with some code so that when they revisit after 2 hours, a
> new CFID and CFTOKEN are automatically assigned?
The "newness" of the CFID and CFTOKEN identifiers is irrelevant. By default,
those are set as cookies which persist for a very long time. Basically,
here's what happens with them:
1. You direct your browser to a site using Session variables for the very
first time.
2. The CF server sees that you don't have CFID and CFTOKEN cookies, and sets
those cookies in the response to the very first page request.
3. Your browser accepts those cookies, and returns them on all subsequent
page requests.
4. As appropriate, your application logic creates whatever Session variables
are needed by your application.
5. Until the session times out, for each subsequent page request, the CF
server associates your server-side data in the Session scope with your
browser by comparing CFID and CFTOKEN values from the cookies with the
values listed on the server.
6. After your session times out due to inactivity, on the next request, your
browser still sends the CFID and CFTOKEN cookies.
7. The CF server, however, no longer has any matching data for you in the
Session scope. At this point, it's the responsibility of your application
logic to create new Session values where needed.
Now, let's say you've got an application which requires someone to log in.
To accomplish this, you might do something like this:
<!--- Application.cfm --->
<cfapplication name="myapp" sessionmanagement="true" ...>
<cflock scope="Session" type="readonly" timeout="2" throwontimeout="true">
<cfif not IsDefined("Session.LoggedIn") and cgi.script_name does not
contain "/login">
<cflocation url="/login/login_form.cfm">
</cfif>
</cflock>
<!--- /login/login_action.cfm --->
<cfquery name="qGetLogin" ...>
SELECT COUNT(*) AS LoginCount
FROM Users
WHERE Username = '#Form.Username#'
AND Password = '#Form.Password#'
</cfquery>
<cfif qGetLogin.LoginCount>
<cflock scope="Session" type="exclusive" timeout="2"
throwontimeout="true">
<cfset Session.LoggedIn = "true">
</cflock>
<cfelse>
<cflocation url="/login/login_form.cfm">
</cfif>
In this very simple example, the existence of the Session variable is tested
in Application.cfm, and if it doesn't exist, the user is redirected to the
script which will create it.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
______________________________________________________________________
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
