Most important questions here: what version are you running, and what type of installation?
On Fri, Dec 30, 2011 at 7:26 AM, Ivo Verbeek <[email protected]>wrote: > <cfset this.name = "appname"> > <cfset this.sessionmanagement = "Yes"> > <cfset this.clientmanagement = "No"> > <cfset this.setclientcookies = "No"> > > Results in new CFID & CFTOKEN values being set for every page request. > The onSessionStart is triggered every time. I see the number of active > sessions increasing. This is what I expected to see, after all, I > don't have the application set cookies. Right so far. > If I change to: > > <cfset this.name = "appname"> > <cfset this.sessionmanagement = "Yes"> > <cfset this.clientmanagement = "No"> > <cfset this.setclientcookies = "Yes"> > > It will keep my sessions. Even when I close the browser and re-open > it, the session remains. Again, that is what I expected. Up to the session timeout, yes. > A possible > next step is to remove the setclientcookies again and set the cookies > myself (e.g. to have the cookies being killed when I close the > browser). But now this: > > <cfset this.name = "appname"> > <cfset this.sessionmanagement = "Yes"> > <cfset this.clientmanagement = "No"> > <cfset this.setclientcookies = "Yes"> > <cfset this.sessiontimeout = CreateTimeSpan(0,0,0,5)> > > What I would expect is when I wait for more then 5 seconds before > clicking, it would give me a new session. But it doesn't! That *should* work unless there's something weird going on with Tomcat--I'll test later to see what I find. Again, knowing what version you're running is important. > In fact, I > can wait for minutes and the session still remains. So the > sessiontimeout doesn't seem to work at all. So I close the browser and > re-open it, and new session. Huh?! Are you using J2EE sessions? That behavior is of course consistent with session cookies--is the code you're putting in here literally all that's going on in your Application CFC? > I do not understand, but it is > reproducable. The close-browser-open-browser trick seems to work with > the sessiontimeout, I get new session every time. But it gets even > worse, this is in IE. In Chrome this works differently. I can close- > open-browser with minutes in between and still the session is the > same. But does it timeout after the length of the session timeout set in the admin? That would narrow things down. > And the third signal that something is strange is this: when I > close-open in IE, I get a new session, but I can see that the "active > sessions" has increased by 1, so the old session has not time-outed, > it still exists, but I just got a new one. > I suspect it will time out based on the setting in the admin. > > Please help me. Really need to know the version you're running. :-) > How is the <cfset this.sessiontimeout = > CreateTimeSpan(0,0,0,5)> supposed to work? And is there a difference > possible between just page requests and close-open-browser action? Shouldn't be, unless you're using J2EE sessions. J2EE sessions set session cookies by default so those would be destroyed when you close the browser. If you're not using J2EE sessions those will persist until the duration of the session timeout expires. It sounds like we need to narrow down why this.sessiontimeout isn't behaving as it should for you. > Next is some tests with clientmanagement. Clientmanagement through a > database works fine, but clientmanagement via cookies, like: > Let's focus on the session bit first and we can work on client next. Personally, my answer is always 'don't use client variables." They're unnecessary and evil. :-) That being said they should work fine (and do in my limited experience moving some apps with client variables from CF to OpenBD). I'd be curious to hear more about why specifically you need them though, but again let's focus on one thing at a time. -- Matthew Woodward [email protected] http://blog.mattwoodward.com identi.ca / Twitter: @mpwoodward Please do not send me proprietary file formats such as Word, PowerPoint, etc. as attachments. http://www.gnu.org/philosophy/no-word-attachments.html -- online documentation: http://openbd.org/manual/ google+ hints/tips: https://plus.google.com/115990347459711259462 http://groups.google.com/group/openbd?hl=en
