CFMX7 Standard in Win2K3 Server. I'm using CFLOGIN to authenticate users. The problem is that a users login won't expire when their browser session is idle for longer than the session expiration (currently set to 20 minutes). However, when the browser window is closed, the user login does expire. I thought the advantage of cflogin was that it would handle all of this? Is there something that I'm doing wrong? Code is below.
Pete Application.cfc: <cfset this.name = "idrintranet"> <cfset this.sessionmanagement = "true"> <cfset this.sessiontimeout = "#createTimeSpan(0,0,20,0)#"> <cfset this.applicationtimeout = "#createTimeSpan(0,12,0,0)#"> Auth_script.cfm (include file): <!--- Log the user out ---> <cfif isDefined("URL.a") AND URL.a EQ "logout"> <cfinvoke component="cfc.log" method="writeLog" msgType="Authentication" userid="#getAuthUser()#" logAction="logout" logMessage="#getAuthUser()# has logged out at #now()#"></cfinvoke> <cflogout> <cfset request.errormsg = "You have been logged out."> </cfif> <!--- Log the user in. Set idle timeout to 20 minutes (1200 seconds) ---> <cflogin idletimeout="1200"> <cfif NOT isDefined("cflogin")> <cfinclude template="/inc/auth_form.cfm"> <cfabort> <cfelse> <cfif cflogin.name IS "" OR cflogin.password IS ""> <cfset request.errormsg = "You must provide both userid and password"> <cfinclude template="/inc/auth_form.cfm"> <cfabort> <cfelse> <cfstoredproc procedure="spAuthenticateUser" datasource="idr" password="grouse" debug="Yes" returncode="Yes"> <cfprocparam type="In" cfsqltype="CF_SQL_VARCHAR" dbvarname="userid" value="#cflogin.name#" null="No"> <cfprocparam type="In" cfsqltype="CF_SQL_VARCHAR" dbvarname="password" value="#cflogin.password#" null="No"> <cfprocresult name="loginQuery"> </cfstoredproc> <cfif loginQuery.recordcount EQ 1> <!--- Set the userid as a numeric value in the session scope ---> <cfset session.userid = loginquery.id> <!--- If the login query returns a single record, get the roles for that user ---> <cfstoredproc procedure="spGetGroupsByUser" datasource="idr" returncode="yes"> <cfprocparam cfsqltype="CF_SQL_INTEGER" type="IN" value="#loginQuery.id#"> <cfprocresult name="groupNames"> </cfstoredproc> <!--- Initialize the roles and create a list of roles ---> <cfset tmp = structNew()> <cfset tmp.roles=""> <cfloop query="groupNames"><cfset tmp.roles=listAppend(tmp.roles,groupNames.groupName,",")></cfloop> <cfif listLen(tmp.roles) EQ 0> <!--- If the user has no roles ---> <cfset request.errormsg = "There are no roles defined for that user.<br>Please see your site administrator."> <cfinclude template="/inc/auth_form.cfm"> <cfabort> <cfelse> <!--- If the user has roles, authenticate them ---> <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#tmp.roles#"> </cfif> <cfinvoke component="cfc.log" method="writeLog" msgType="Authentication" userid="#cflogin.name#" logAction="login" logMessage="#cflogin.name# has logged in at #now()#"></cfinvoke> <cfelse> <cfset request.errormsg = "Invalid login, please try again."> <cfinclude template="/inc/auth_form.cfm"> <cfabort> </cfif> </cfif> </cfif> </cflogin> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:218691 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54