The best approach is to use the know trick to expire the cookies when the browser closes.
But this still holds that info in the session for the length of time that the session lives for, so the best thing to do is to ignore session id's and then allow the application to set a GUID for the user in session for look ups by the application. And to also look at timing out sessions for a period of 10-15 mins as well of no activity by code. There are many ways to achieve this, but the best way to achieve this is to flowchart your process and you can see potential problems that might not be though off. On 5/11/07, Won Lee <[EMAIL PROTECTED]> wrote: > > Hi, > > I want to edit the values of someone else's session variables. I have a > session variable named session.user.isLoggedIn. I want to set it to 0. I > have the session.sessionID. > > The reason I want to do this is because I want to be able to close my old > session when I log in from another computer. The scenario is this. > > I log into computer A and my sessionID is MyApp_1111_11111. I forget to > log off and go home. I input my username and password. The system tells me > that I'm already logged on and asks me if I want to close my old > session. If I click on Yes, the system will query the DB and based on my > userID it will return my old sessionID. At the very least I want to change > my session.user.isLoggedIn = 0 for sessionID MyApp_1111_11111. Afterwards > the system will log me and create a new sessionID, MyApp_2222_22222 or some > other ID. > > TIA, > Won > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJQ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277695 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4