Content Management
 » 
House of Fusion
 » 
Cold Fusion - Newbie

programmatically change session timeout

View: New views
4 Messages — Rating Filter:   Alert me  

programmatically change session timeout

by John Grubb-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


I have been away for a few years and am just getting back to work, so please forgive the rookie question.

I need to have a user automatically logged out 30 seconds after leaving my domain. I am not using standard login due to security restraints, but setting up application, client, and session variables. The 30 seconds just ensures enough time for the next page to load and, if it's in my domain, the user should not be logged out. All of the necessary code to clear client variables and uptade database tables is in application.cfc in the onSessionEnd function.

I tried using the old

<cfapplication sessionmanagement="yes" name="MCCLL" sessiontimeout="#createTimeSpan(0,0,0,30)#">

from a cfc via

<cfajaxproxy cfc="cfc/onPageChange" jsclassname="onPageChange">

but the <cfapplication> tag seems to have no effect. I changed the value of a couple of session variables from within the cfc and that works, with no errors, so I know the cfc is executing.

I know dropping the session on an onBeforeUnload JS event would be easier, but I'm trying to drop the session and log out the user only if they go to another domain. I don't want to use the JS

if (event.clientY < 0) logout()

as that logs out on refresh and back.

Here's what I have:

index.cfm:
 <cfajaxproxy cfc="cfc/onPageChange" jsclassname="onPageChange">
    <script language="javascript">
                       
            var changedPage = function(){
                                uid = "<cfoutput>#client.userid#</cfoutput>";
                                fname = "<cfoutput>#client.firstname#</cfoutput>";
                               
                                pc = new onPageChange();
                                //pc.setCallbackHandler(pc_result);
                                //pc.setErrorHandler(pc_error);
                                pc.resetSession(uid,fname);
                                }
                       
                        window.onbeforeunload=changedPage;
    </script>

onPageChange.cfc:
<cffunction name="resetSession" access="remote">
    <cfargument name="uid" required="yes">
    <cfargument name="fname" required="yes">
    <cfif isdefined("session.test")>
                        <cfset session.test=session.test +1>
        <cfelse>
        <cfset session.test = 1>
                </cfif>
    <cfapplication sessionmanagement="yes" name="MCCLL" sessiontimeout="#createTimeSpan(0,0,0,10)#">
       
    </cffunction>
</cfcomponent>

I would really appreciate any suggestions.

Thanks,

CFGunny

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:4612
Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.15

RE: programmatically change session timeout

by Dave Phillips-10 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


John,

I'm just throwing out an idea here, but instead of executing the
<cfapplication> tag in your onPageChange.cfc, why not just delete the
session variables that maintain the user's 'login' identity?

For example, in one of the applications I support, we set all the 'login'
variables in a 'session.user' scope, like this:

<cfset session.user.authenticated = true>
<cfset session.user.userid = 'whatever'>
... and so on

So, when we want to force a logout, we just do:  <cfset
structDelete(session,"user")>

If you've got the logic set up the way you want and it's simply the deletion
of the 'session' or client variables, you could do something similar where
you have the <cfapplication> tag.

Hope this helps.

Dave

-----Original Message-----
From: John Grubb [mailto:cfgunny@...]
Sent: Wednesday, July 08, 2009 7:50 AM
To: cf-newbie
Subject: programmatically change session timeout


I have been away for a few years and am just getting back to work, so please
forgive the rookie question.

I need to have a user automatically logged out 30 seconds after leaving my
domain. I am not using standard login due to security restraints, but
setting up application, client, and session variables. The 30 seconds just
ensures enough time for the next page to load and, if it's in my domain, the
user should not be logged out. All of the necessary code to clear client
variables and uptade database tables is in application.cfc in the
onSessionEnd function.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:4613
Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.15

Re: programmatically change session timeout

by John Grubb-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


I need to delay the forced logout by enough time for the next page to load. That way, if the user loads a page on my site, the session doesn't end. But, if the user goes outside my site, they are logged off 30 seconds later. Killing the struct destroys the session immediately so the user would have to log back in every time the page refreshes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:4614
Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.15

RE: programmatically change session timeout

by Dave Phillips-10 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


How about making a javascript function that uses something like this:

setTimeout("checkForLogout()",30000);

Then checkForLogout() would be an ajax call to delete the session if you
want it to.

Still, I don't see how this will work as when you leave the page, I'm not
sure the setTimeout() will still execute the function after the 30 seconds.
You'd have to try it to find out.

Dave

-----Original Message-----
From: John Grubb [mailto:cfgunny@...]
Sent: Wednesday, July 08, 2009 8:42 AM
To: cf-newbie
Subject: Re: programmatically change session timeout


I need to delay the forced logout by enough time for the next page to load.
That way, if the user loads a page on my site, the session doesn't end. But,
if the user goes outside my site, they are logged off 30 seconds later.
Killing the struct destroys the session immediately so the user would have
to log back in every time the page refreshes.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:4615
Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.15
Free embeddable forum powered by Nabble Forum Help