session timeout clarification

Kelly Tetterton Tue, 11 Mar 2003 06:57:51 -0800

Folks --

a colleague of mine asked me to help him with some changes to the way he was treating 
his session variables, but in doing so, I've run into something of a misunderstanding 
of how I *thought* session variables worked. Specifically, in the test code below, I 
would expect that


1) when you came to index.cfm (the home page of the site), you would get fresh session 
info;

2) when the session timed out, you would automatically get fresh cfid/cftoken info;

3) when pasting a url with *old* cfid/cftoken session info, you would automatically be 
delivered new cfid/cftoken session info

4) after a session times out, when coming to the home page again, you'd get fresh 
session info.

#1 and #4 are definitely happening, but #2 and #3 are definitely NOT happening. (And 
yes, I also pushed down the max & default timeouts in my cf admin to match the low 
timeouts in the test code below.) Instead, the pages happily accept the old, clearly 
expired, cfid/cftoken session combos.

So,

-- are my expectations wrong?
-- or am I missing something that I should be doing in the code?
-- or both, perhaps?

I'm willing to accept any or all at this point -- just hoping that someone can point 
me in the right direction.

********* Application.cfm **********************

<cfapplication name="test" sessionmanagement="Yes" setclientcookies="No" 
sessiontimeout="#CreateTimeSpan(0,0,0,5)#">

<cfif IsDefined("Cookie.CFID") and IsDefined("Cookie.CFTOKEN")>
        <cfcookie name="CFID" value="#Cookie.CFID#">
        <cfcookie name="CFTOKEN" value="#Cookie.CFTOKEN#">
<cfelse>
        <cflock scope="SESSION" type="READONLY" timeout="1">
                <cfcookie name="CFID" value="#session.CFID#">
                <cfcookie name="CFTOKEN" value="#session.CFTOKEN#">
        </cflock>
</cfif>

************* index.cfm **************************

<cfoutput>
<a href="dsp_page2.cfm?CFID=#Cookie.CFID#&CFTOKEN=#Cookie.CFTOKEN#">Click here to get 
to page 2</a>
</cfoutput>

*************** dsp_page2.cfm **********************

<cfoutput>
<a href="index.cfm?CFID=#Cookie.CFID#&CFTOKEN=#Cookie.CFTOKEN#">Click here to get to 
page 1</a>
</cfoutput>

***************************************

Kelly Tetterton
Technical Lead - duoDesign
One Web Company. Twice the Results.

847.491.3000 | main
847.491.7125 | direct
847.491.3100 | fax

[EMAIL PROTECTED]
www.duodesign.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

session timeout clarification

Reply via email to