CC,

You could have your client (and cookie) vars act like session variables and
also "die" when the browser is closed, and then put the variable you use to
define if the person is logged in (or 'is initialized' or whatever you like
to call it) in that scope. Check out this snippet and you'll see it does
what you want. (I happen to use client vars all the time now, since the
snippet below allows them to act a lot more like session vars.)


<!--- make sure that the client variables die when the browser is
closed --->
<cfif IsDefined( "Cookie.CFID" ) AND IsDefined ( "Cookie.CFTOKEN" )>
 <cfset localCFID = Cookie.CFID>
 <cfset localCFTOKEN = Cookie.CFTOKEN>
 <cfcookie name="CFID" value="#localCFID#">
 <cfcookie name="CFTOKEN" value="#localCFTOKEN#">
</cfif>


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 11:41 AM
Subject: Re: Auto logout when leaving the application


> Good question.  I am also interested in this response, but with an added
> element.  What if a user closes the browser, how do you kill client/session
> variables, presumably someone could close the browser thinking they are
> "logged out", the next person wanders up and sees the first person's
> information.
>
> CC
>
>
>
> Brian Fox <brianfox@sdccd.cc.ca.us>
> To: CF-Talk <[EMAIL PROTECTED]>
> cc:
> Subject: Auto logout when leaving the application
> 04/03/02 10:30 AM
> Please respond to cf-talk
>
>
>
>
>
>
> What's the best way of handling security for a website that may be used in
> a kiosk mode?  I'm working on a student grade system that does a one time
> validation and sets a session variable.  Timeout is 15 minutes.
>
> John may log into the system using a lab computer to retrieve his student
> grades, become confused, wander to yahoo, read his mail, then leave the
> computer as is.  Sue may come in to use the same machine, go to the grade
> application to get her grades, and still be logged in as John.  Is there a
> good way to avoid this?
>
> I'm thinking about mangling the referer variable and zapping the session
> variables if the referer is not from the application.
>
>  i.e. <cfif left(CGI.HTTP_REFERER,X) is not "http://www.gradesrus.com/" .. session.auth=0>
>
> That would solve the 'lost' client wandering out of the site.  Leaving the
> site is equivalent to logging out then (more or less).
>
> What about a javascript warning when a person is going to leave the
> application?  I'm not a javascript guru, but it seems like an onunload in
> the body should be able to give a popup alert and hopefully the ability to
> cancel the outside navigation.  Anyone ever try it?
>
> Is there a better approach to this?
>
> Thanks!
> Brian
>
>
> 
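
A way to check that the cookie snippet in the reply at the top of this thread took effect, as an added example that is not part of the original messages: the Python function below reads the Set-Cookie values of one response and reports any CFID/CFTOKEN cookie that still carries Expires or Max-Age and so would outlive the browser window. The function name and the sample header values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Cookie names ColdFusion uses to tie a browser to its client/session scope.
CF_ID_COOKIES = {"CFID", "CFTOKEN"}


def persistent_cf_cookies(set_cookie_values):
    """Return sorted names of CFID/CFTOKEN cookies that are not session cookies.

    set_cookie_values: the values of the Set-Cookie headers of one response,
    in order, without the "Set-Cookie:" prefix. A cookie dies with the browser
    only if it has neither Expires nor Max-Age. When a name is set more than
    once, the last header wins, as it does in a browser.
    """
    final = {}
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            key = name.upper()
            if key in CF_ID_COOKIES:
                final[key] = bool(morsel["expires"] or morsel["max-age"])
    return sorted(k for k, persistent in final.items() if persistent)


# Constructed sample: identifier cookies issued with a far-future expiry.
DEFAULT_RESPONSE = [
    "CFID=1503; expires=Sat, 27-Mar-2032 16:41:00 GMT; path=/",
    "CFTOKEN=48213377; expires=Sat, 27-Mar-2032 16:41:00 GMT; path=/",
]
# Constructed sample: the same response after both cookies are re-issued
# without an expiry, which is what the <cfcookie> snippet does.
AFTER_SNIPPET = DEFAULT_RESPONSE + ["CFID=1503; path=/", "CFTOKEN=48213377; path=/"]
# Constructed sample: only one of the two cookies was re-issued.
HALF_FIXED = DEFAULT_RESPONSE + ["CFID=1503; path=/"]

if __name__ == "__main__":
    for label, values in (("default", DEFAULT_RESPONSE),
                          ("after snippet", AFTER_SNIPPET),
                          ("half fixed", HALF_FIXED)):
        print(label, persistent_cf_cookies(values) or "session-only")
```

This only confirms the browser-close case; a window left open on a shared machine still depends on the server-side session timeout mentioned in the original question.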