I am building a JS tool that will automate this process. I will post it..
-- Scott Van Vliet Senior Analyst SBC Services, Inc. ITO Enterprise Tools Office: 858.886.3878 Pager: 858.536.0070 Email: [EMAIL PROTECTED] -----Original Message----- From: Shawn Regan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 9:20 AM To: CF-Talk Subject: RE: Auto logout when leaving the application I believe I got this a while back from hal helms website. <cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")> <cfset cfid_local = Cookie.CFID> <cfset cftoken_local = Cookie.CFTOKEN> <cfcookie name="CFID" value="#cfid_local#"> <cfcookie name="CFTOKEN" value="#cftoken_local#"> </cfif> this kills the client/session variables when the browser closes because it has taken the cookies set by the cfapplication and resets them to expire when the browser closes. Shawn Regan Applications Developer Pacific Technology Solutions -----Original Message----- From: VAN VLIET, SCOTT E (SBCSI) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 8:49 AM To: CF-Talk Subject: RE: Auto logout when leaving the application I am working on a custom tag that will solve this, and will post it when I finish. -- Scott Van Vliet Senior Analyst SBC Services, Inc. ITO Enterprise Tools Office: 858.886.3878 Pager: 858.536.0070 Email: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 8:41 AM To: CF-Talk Subject: Re: Auto logout when leaving the application Good question. I am also interested in this response, but with an added element. What if a user closes the browser, how do you kill client/session variables, presumably someone could close the browser thinking they are "logged out", the next person wanders up and sees the first persons information. CC Brian Fox <brianfox To: CF-Talk <[EMAIL PROTECTED]> @sdccd.cc.ca. cc: us> Subject: Auto logout when leaving the application 04/03/02 10:30 AM Please respond to cf-talk What's the best way of handling security for a website that may be used in a kiosk mode? I'm working on a student grade system that does a one time validation and sets a session variable. Timeout is 15 minutes. John may log into the system using a lab computer to retrieve his student grades, become confused, wander to yahoo, read his mail, then leave the computer as is. Sue may come in to use the same machine, go to the grade application to get her grades, and still be logged in as John. Is there a good way to avoid this? I'm thinking about mangling the referer variable and zapping the session variables if the referer is not from the application. i.e. <cfif left(CGI.HTTP_REFERER,X) is not "http://www.gradesrus.com/"; ... session.auth=0> That would solve the 'lost' client wandering out of the site. Leaving the site is equivalent to logging out then (more or less). What about a javascript warning when a person is going to leave the application? I'm not a javascript guru, but it seems like an onunload in the body should be able to give a popup alert and hopefully the ability to cancel the outside navigation. Anyone ever try it? Is there a better approach to this? Thanks! Brian ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
