Tim, Building on the jsessionid idea, it sounds as though you need to assign 'semirandom' values for that. I don't actually know how the values are chosen, or whether you can intervene, but my idea would be...
jsessionid = <head = normal random value> + <suffix = sub-site> Then you would use a 'normal' timeout, and would not have to track expired jsessionids. When they came back with an unrecognised jsessionid (presumably timed out) you could look at the <suffix> and send the correct logon page. You might have to tweak this a bit to keep the normal jsessionid tracking operational - is there a hard length limit on the cfserver? Any good? Duncan Fenton -----Original Message----- From: Tim Blair [mailto:[EMAIL PROTECTED] Sent: 30 October 2003 10:22 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] Session timeouts in multi-site application > one user can have multiple sessions. why not store all their > session id's in a CF struct of some kind? probably in the > client scope. But that wouldn't help if we don't actually know which "session" to look at -- yes we'd have a list of their sessions, but how do we know which one use? No good storing it in the session, and storing it in client/cookies has the same issues as previously stated and ends up with the same problem but looking at it from a different angle. Tim. ------------------------------------------------------- RAWNET LTD - Internet, New Media and ebusiness Gurus. Visit our new website at http://www.rawnet.com for more information about our company, or call us free anytime on 0800 294 24 24. ------------------------------------------------------- Tim Blair Web Application Engineer, Rawnet Limited Direct Phone : +44 (0) 1344 393 441 Switchboard : +44 (0) 1344 393 040 ------------------------------------------------------- This message may contain information which is legally privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any unauthorised disclosure, copying, distribution or use of this information is strictly prohibited. Such notification notwithstanding, any comments, opinions, information or conclusions expressed in this message are those of the originator, not of rawnet limited, unless otherwise explicitly and independently indicated by an authorised representative of rawnet limited. ------------------------------------------------------- -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
