RE: Session Management
expire the cookie immediately -Original Message- From: Matt Rodosky [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 06, 2000 1:07 PM To: [EMAIL PROTECTED] Subject: Session Management Is it possible to terminate a session when a user closes their browser?? Its easy when a user logs out, or the session times out, it would be nice if you could also do it when the browser is closed. TIA Matt -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Session Management
I believe you can initiate a CFM logout template by using JavaScript "onClose". I'm not sure of the exact syntax on this, but I'm sure you could find it on http://www.irt.org. ---mark -- Mark Warrick Phone: (714) 547-5386 Efax.com Fax: (801) 730-7289 Personal Email: [EMAIL PROTECTED] Personal URL: http://www.warrick.net Business Email: [EMAIL PROTECTED] Business URL: http://www.fusioneers.com ICQ: 346566 -- > -Original Message- > From: Matt Rodosky [mailto:[EMAIL PROTECTED]] > Sent: Thursday, July 06, 2000 1:07 PM > To: [EMAIL PROTECTED] > Subject: Session Management > > > Is it possible to terminate a session when a user closes their > browser?? Its > easy when a user logs out, or the session times out, it would be > nice if you > could also do it when the browser is closed. > > TIA > Matt > > -- > > Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ > To Unsubscribe visit > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf > _talk or send a message to [EMAIL PROTECTED] with > 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebarRsts&bodyRsts/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Session Management
eg: I think :) -Original Message- From: Steve DeWitt [mailto:[EMAIL PROTECTED]] Sent: Friday, 7 July 2000 8:43 AM To: '[EMAIL PROTECTED]' Subject: RE: Session Management expire the cookie immediately -Original Message- From: Matt Rodosky [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 06, 2000 1:07 PM To: [EMAIL PROTECTED] Subject: Session Management Is it possible to terminate a session when a user closes their browser?? Its easy when a user logs out, or the session times out, it would be nice if you could also do it when the browser is closed. TIA Matt -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Session Management
>Is it possible to terminate a session when a user closes their browser?? Its >easy when a user logs out, or the session times out, it would be nice if you >could also do it when the browser is closed. Not really, AFAIK. There is no javascript "onQuit" event or similar - although there is an "onUnload" which is parsed whenever the current page location changes. I would just consider making the session timeout shorter. Rob Keniger -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Session Management
>expire the cookie immediately This won't work if you are using CF's session management because you don't specifically set cookies - it either uses CFID and CFTOKEN stored as a cookie OR as a URL argument. The expiration of the cookies is set by ColdFusion and is tied to the session timeout value. Many users don't accept cookies so relying on cookies alone to manage state is not a good idea. You should test for cookie ability at the start of a session and pass the values as a token on the URLs if cookies are not enabled by appending something like #application.addtoken# to every URL. More work, but it gives you fairly bulletproof session management. --- Rob Keniger -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Session Management
>From the teamallaire tutuorials. http://www.teamallaire.com/tutorials/ How do I kill all session variables when a user closes their browser? The Situation: You want to make sure that when a user closes their browser, any session variables that have been established die. The Solution: Place this code in your application.cfm file (or your appGlobals.cfm file if you're using Fusebox). While your user keeps their browser open, session variables will stay alive, but will die when the browser is closed. - Original Message - From: "Matt Rodosky" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 06, 2000 4:07 PM Subject: Session Management > Is it possible to terminate a session when a user closes their browser?? Its > easy when a user logs out, or the session times out, it would be nice if you > could also do it when the browser is closed. > > TIA > Matt > > -- > Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ > To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Session Management
> > expire the cookie immediately ... > eg: > > I think :) You can create "session cookies", which will expire when the browser is closed, by leaving off the EXPIRES parameter: Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Session Management
Thanks Michael, great resource. -Original Message- From: Michael P. Morris [mailto:[EMAIL PROTECTED]] Sent: Friday, July 07, 2000 8:03 AM To: [EMAIL PROTECTED] Subject: Re: Session Management >From the teamallaire tutuorials. http://www.teamallaire.com/tutorials/ How do I kill all session variables when a user closes their browser? The Situation: You want to make sure that when a user closes their browser, any session variables that have been established die. The Solution: Place this code in your application.cfm file (or your appGlobals.cfm file if you're using Fusebox). While your user keeps their browser open, session variables will stay alive, but will die when the browser is closed. - Original Message - From: "Matt Rodosky" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 06, 2000 4:07 PM Subject: Session Management > Is it possible to terminate a session when a user closes their browser?? Its > easy when a user logs out, or the session times out, it would be nice if you > could also do it when the browser is closed. > > TIA > Matt > > -- > Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ > To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Session Management
Use the onUnload() event handler within the BODY tag to run a template with this code: That will take care of it. Chris Christopher Conrad Victoria's Secret Catalogue http://www.VictoriasSecret.com Senior.Programmer.Analyst 614.337.5653 [EMAIL PROTECTED] > -Original Message- > From: Matt Rodosky [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, July 06, 2000 4:07 PM > To: [EMAIL PROTECTED] > Subject: Session Management > > Is it possible to terminate a session when a user closes their browser?? > Its > easy when a user logs out, or the session times out, it would be nice if > you > could also do it when the browser is closed. > > TIA > Matt > > -- > > Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ > To Unsubscribe visit > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or > send a message to [EMAIL PROTECTED] with 'unsubscribe' in > the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Session Management
Forget where I got this frombut it works. Place it in the Application.cfm Julie -Original Message- From: Conrad, Christopher <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Friday, July 07, 2000 3:50 PM Subject: RE: Session Management >Use the onUnload() event handler within the BODY tag to run a template with >this code: > > > > > >That will take care of it. > >Chris > >Christopher Conrad >Victoria's Secret Catalogue >http://www.VictoriasSecret.com >Senior.Programmer.Analyst >614.337.5653 >[EMAIL PROTECTED] > > >> -Original Message- >> From: Matt Rodosky [SMTP:[EMAIL PROTECTED]] >> Sent: Thursday, July 06, 2000 4:07 PM >> To: [EMAIL PROTECTED] >> Subject: Session Management >> >> Is it possible to terminate a session when a user closes their browser?? >> Its >> easy when a user logs out, or the session times out, it would be nice if >> you >> could also do it when the browser is closed. >> >> TIA >> Matt >> >> - - >> >> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ >> To Unsubscribe visit >> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or >> send a message to [EMAIL PROTECTED] with 'unsubscribe' in >> the body. >--- --- >Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ >To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: session management
The SessionTimeOut and ApplicationTimeout has a 1 day before they can kill the variables. That's what I think where the problem is. Rob << Hey all, I am having a serious session management problem. Here is my cfapplication tag ... When I was working with the application last night I had a cfid of 71. This morning when I come back in (machine was shutdown last night) and logged back into the application I had a cfid of 71 and the stuff that I put into the shopping cart last night showed up. What am I doing wrong!!! Tim Bahlke, CIFO thinkcreate.com p. 336.230.0575 f. 336.230.0083 >> -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: session management
Sessions are stored in Server Memory. When you shutdown the machine last night, your session data was destroyed. Your CFID was stored in a cookie on your machine, so it was still the same. If you want your session data to persist longer, you might want to investigate client variables. I would strongly recommend thougholy reading the CFDOCS on session and client vars before proceeding. -Cameron Cameron Childress McRae Communications p. 770-460-7277 x.232 f. 770-460-0963 > -Original Message- > From: Tim Bahlke [mailto:[EMAIL PROTECTED]] > Sent: Friday, July 14, 2000 9:55 AM > To: Cf-Talk > Subject: session management > > > Hey all, > > I am having a serious session management problem. Here is my > cfapplication > tag ... > >SESSIONMANAGEMENT="Yes" > SESSIONTIMEOUT="#CreateTimeSpan(0,1,0,0)#" > APPLICATIONTIMEOUT="#CreateTimeSpan(0,1,0,0)#"> > > When I was working with the application last night I had a cfid > of 71. This > morning when I come back in (machine was shutdown last night) and logged > back into the application I had a cfid of 71 and the stuff that I put into > the shopping cart last night showed up. > > What am I doing wrong!!! > > > Tim Bahlke, CIFO > thinkcreate.com > p. 336.230.0575 > f. 336.230.0083 > > > > -- > > Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ > To Unsubscribe visit > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf _talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: session management
I thought the CreateTimeSpan function syntax was days, hours, minutes, seconds. If this is correct (I am referencing CFML Language Reference in Studio) then I have the Session and Application set to timeout in 1 hour. Tim Bahlke, CIFO thinkcreate.com p. 336.230.0575 f. 336.230.0083 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, July 14, 2000 10:10 AM To: [EMAIL PROTECTED] Subject: Re: session management The SessionTimeOut and ApplicationTimeout has a 1 day before they can kill the variables. That's what I think where the problem is. Rob << Hey all, I am having a serious session management problem. Here is my cfapplication tag ... When I was working with the application last night I had a cfid of 71. This morning when I come back in (machine was shutdown last night) and logged back into the application I had a cfid of 71 and the stuff that I put into the shopping cart last night showed up. What am I doing wrong!!! Tim Bahlke, CIFO thinkcreate.com p. 336.230.0575 f. 336.230.0083 >> -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: session management
I'm assuming you were expecting your shopping cart to be gone after an hour? Any session variables are destroyed after an hour, but your CFID is set in a cookie. If your shopping cart was in session variables it would be gone, but I'm assuming you wrote it to a database with an ID of 71, and so it persisted overnight. If you want to "kill" the shopping cart when the session variables timeout, do something like the following: Session.active will disappear after an hour of them not using the site. The one thing this won't do is clean up shopping carts that have been abandoned by people who don't return. HTH, Dan -Original Message- From: Tim Bahlke [mailto:[EMAIL PROTECTED]] Sent: Friday, July 14, 2000 6:55 AM To: Cf-Talk Subject: session management Hey all, I am having a serious session management problem. Here is my cfapplication tag ... When I was working with the application last night I had a cfid of 71. This morning when I come back in (machine was shutdown last night) and logged back into the application I had a cfid of 71 and the stuff that I put into the shopping cart last night showed up. What am I doing wrong!!! Tim Bahlke, CIFO thinkcreate.com p. 336.230.0575 f. 336.230.0083 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: session management
On 7/14/00, [EMAIL PROTECTED] penned: >The SessionTimeOut and ApplicationTimeout has a 1 day before they can kill >the variables. That's what I think where the problem is. No, he has it set for 1 hour. I can't explain why the contents would have still been in the cart, unless the clock on the server stopped while it was shut down. :) Are you sure you didn't set the cart as client.cart instead of session.cart (or whatever)? Does anyone know if clientmanagement is enabled by default? Or must it be set as "YES" in cfapplication. >Rob > > ><< Hey all, > > I am having a serious session management problem. Here is my cfapplication > tag ... > > SESSIONMANAGEMENT="Yes" > SESSIONTIMEOUT="#CreateTimeSpan(0,1,0,0)#" > APPLICATIONTIMEOUT="#CreateTimeSpan(0,1,0,0)#"> > > When I was working with the application last night I had a cfid of 71. This > morning when I come back in (machine was shutdown last night) and logged > back into the application I had a cfid of 71 and the stuff that I put into > the shopping cart last night showed up. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: session management
this mailing list is your absolute best source for information. Ask and learn :) Bryan Love ACP Internet Application Developer [EMAIL PROTECTED] -Original Message- From: Savan Thongvanh [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 28, 2001 11:24 AM To: CF-Talk Subject: session management anyone seen a good article online about session management? I've tried a few common places. had trouble finding one even on sys-con.com. sheesh. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Session Management
I am looking for a tag or script that will allow a user to continue their session when it has expired due to their lack of using the site. I have looked at cfdev.com and checked out theirs, but it doesn't seem to work very well. Thanks - Original Message - From: "Chad McCue" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, November 02, 2004 10:11 AM Subject: Session Management > I am looking for a tag or script that will allow a user to continue their session when it has expired due to their lack of using the site. I have looked at cfdev.com and checked out theirs, but it doesn't seem to work very well. > > Thanks > > > > ~| Sams Teach Yourself Regular Expressions in 10 Minutes by Ben Forta http://www.houseoffusion.com/banners/view.cfm?bannerid=40 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183173 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Management
> From: Chad McCue [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 02, 2004 1:57 PM > Subject: Re: Session Management > I am looking for a tag or script that will allow a user to > continue their session when it has expired due to their lack > of using the site. I have looked at cfdev.com and checked out > theirs, but it doesn't seem to work very well. > From: "Chad McCue" <[EMAIL PROTECTED]> > Sent: Tuesday, November 02, 2004 10:11 AM > Subject: Session Management > > I am looking for a tag or script that will allow a user to > continue their > session when it has expired due to their lack of using the > site. I have > looked at cfdev.com and checked out theirs, but it doesn't > seem to work very > well. Why the repost? Michael T. Tangorre ~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=37 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183179 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Management
You could a) increase the session timeout b) use client scope note that if you use client scope, you can't store complex variables there (like queries or structures). --Ben Chad McCue wrote: > I am looking for a tag or script that will allow a user to continue their session > when it has expired due to their lack of using the site. I have looked at cfdev.com > and checked out theirs, but it doesn't seem to work very well. > > Thanks > > > > ~| Get the mailserver that powers this list at http://www.houseoffusion.com/banners/view.cfm?bannerid=17 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183195 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Management
I just store login information in a cookie. Then, if the session has timed out, I reload the session using the login information that is stored in the cookie. The user never knows they lost their session due to inactivity. -Original Message- From: Chad McCue [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 9:12 AM To: CF-Talk Subject: Session Management I am looking for a tag or script that will allow a user to continue their session when it has expired due to their lack of using the site. I have looked at cfdev.com and checked out theirs, but it doesn't seem to work very well. Thanks ~| Sams Teach Yourself Regular Expressions in 10 Minutes by Ben Forta http://www.houseoffusion.com/banners/view.cfm?bannerid=40 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183227 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Session Management
Michael, does this mean if a logged-in user goes off to lunch without logging out, their machine is still logged in (in effect) all day (if it's a long lunch with the sales department booze-heads) or even all night too? Isn't that a security risk? Cheers Mike Kear Windsor, NSW, Australia AFP Webworks http://afpwebworks.com .com,.net,.org domains from AUD$20/Year On Tue, 2 Nov 2004 20:35:13 -0600, Dawson, Michael <[EMAIL PROTECTED]> wrote: > I just store login information in a cookie. Then, if the session has > timed out, I reload the session using the login information that is > stored in the cookie. The user never knows they lost their session due > to inactivity. > > > ~| Sams Teach Yourself Regular Expressions in 10 Minutes by Ben Forta http://www.houseoffusion.com/banners/view.cfm?bannerid=40 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183229 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Management
That is correct with our current implementation. In our computer labs, we strongly instruct that students log completely out of the computer, in effect closing the browser. In administrative or faculty offices, users lock their computers when they walk away and, being a small university, we have the luxury of knowing when a "stranger" is around. Without going into large security discussions, it's been this way for over two years and there has never been an issue with it. In fact, I always leave my computer unlocked, but I have an office with a lockable door. However, I have been considering adding a timeout so that users must log back in when their sessions expire. It would sure make my coding much easier. BTW, all the boozers our in our IT dept. ;-) _ From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Tue 11/2/2004 9:30 PM To: CF-Talk Subject: Re: Session Management Michael, does this mean if a logged-in user goes off to lunch without logging out, their machine is still logged in (in effect) all day (if it's a long lunch with the sales department booze-heads) or even all night too? Isn't that a security risk? Cheers Mike Kear Windsor, NSW, Australia AFP Webworks http://afpwebworks.com .com,.net,.org domains from AUD$20/Year On Tue, 2 Nov 2004 20:35:13 -0600, Dawson, Michael <[EMAIL PROTECTED]> wrote: > I just store login information in a cookie. Then, if the session has > timed out, I reload the session using the login information that is > stored in the cookie. The user never knows they lost their session due > to inactivity. > > > ~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=34 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183254 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Management
hello there, at our college, we made it a policy to have the sessions for our portal appllcation expire after 3 minutes of inactivity. This is to address security and privacy issues. Portal built using PHP and implemented Novell's iChain for single signon ability across any applications that involves authenticating the user. ~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=35 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183271 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Management
Three minutes! Wow! There are a lot of people at our school that can't enter their home address in three minutes. ;-) -Original Message- From: Lawrence Ng [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 10:21 AM To: CF-Talk Subject: RE: Session Management hello there, at our college, we made it a policy to have the sessions for our portal appllcation expire after 3 minutes of inactivity. This is to address security and privacy issues. Portal built using PHP and implemented Novell's iChain for single signon ability across any applications that involves authenticating the user. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183446 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Session Management Errors
I ran into the same problem with an application a while back. I found that changing to eliminated the error and properly set the variable. Scott Scott Brader USAV Group 5485 South Westridge Drive PO Box 510620 New Berlin, WI 53151-0620 Phone: 262.814.2000 Fax: 262.814.2006 Amateurs Practice Until They Get It Right, Experts Practice Until They Can't Get It Wrong Any opinions expressed herein are mine and are not representative of USAV Communications Group. -Original Message- From: c talk [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 08, 2000 10:39 To: cf-talk Subject: Session Management Errors Hi I have an Application.cfm file with this code: That generates the following error: Attempt to access a Session variable when session management is not enabled. Use the CFAPPLICATION tag to enable session management. Note: This feature may have been disabled by the site administrator. The error occurred while evaluating the expression: SESSION.datasource = "Webacctg" The error occurred while processing an element with a general identifier of (CFSET), occupying document position (18:2) to (18:40) in the template file C:\Inetpub\wwwroot\accounting\Application.cfm The specific sequence of files included or processed is: C:\INETPUB\WWWROOT\ACCOUNTING\APPLICATION.CFM * * * * * When I comment the the page works correctly. Also, where would I enable Session Management if it was disabled by the Administrator? Thanks in advance, * john * __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: RE: Session Management
Hi, If you are using CF session management, i think you could still use Maybe have a LogOff button and direct them to a template, where you delete your session variables and log off the user. StructClear(Session) has never worked for me on CF4.5, just messes up the session. Any ideas? --- Original Message --- [EMAIL PROTECTED] Wrote on Fri, 7 Jul 2000 16:26:30 +1000 -- >expire the cookie immediately This won't work if you are using CF's session management because you don't specifically set cookies - it either uses CFID and CFTOKEN stored as a cookie OR as a URL argument. The expiration of the cookies is set by ColdFusion and is tied to the session timeout value. Many users don't accept cookies so relying on cookies alone to manage state is not a good idea. You should test for cookie ability at the start of a session and pass the values as a token on the URLs if cookies are not enabled by appending something like #application.addtoken# to every URL. More work, but it gives you fairly bulletproof session management. --- Rob Keniger -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. - Sent using MailStart.com ( http://MailStart.Com/welcome.html ) The FREE way to access your mailbox via any web browser, anywhere! -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: RE: Session Management
> StructClear(Session) has never worked for me on CF4.5, just > messes up the session. > > Any ideas? See Allaire Knowledge Base article #14143: http://www.allaire.com/handlers/index.cfm?ID=14143&Method=Full Erki -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Re: Session Management question
I'm not 100% sure I understand your question. If their Session variable is a field that is different from their name, you don't have to do anything special. Just update the database as needed. If your SessionID IS their name, you might want to look into assigning the Session variable a value from a field that can't be changed .. perefferably a field with a value unique to that person. Or, to simply make the Session variable match the new name, just set the session variable to the new name right after it is updated in the database. Todd Ashworth - Original Message - From: "Craig A. Zingerline" <[EMAIL PROTECTED]> To: "cf-talk" <[EMAIL PROTECTED]> Sent: Friday, July 14, 2000 2:48 PM Subject: Session Management question | Hello, | | I have an application that allows a user to log in, and once authenticated | and logged in, their accountID is pulled from the database table and is set | in a session variable. From this, I want to display a welcome message | saying something like 'Hello, [contact name], you receive a [discount] % | discount.' Both the contact name and discount are stored in the table, | along with their AccountID. My question is this: If I want to allow that | user to be able to change their name while logged in, how do I make sure | that the session variable for the name is updated when they make a change? | I have had problems trying to get this to work. Thanks for any help. | | Sincerely, | | Craig -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Session Management question
Todd, Thanks for your response. What I have right now is an AccountID, Message, and Contact name that are in a table. When the user logs in and is authenticated, I set the session variable to the AccountID for that user, which never changes. Then, to show the contact name, I run a query on the pages that need to display the name. I pull the name based on the session.AccountID. I would like to get rid of that query and just set a session variable for their name once they log in to save a little processing time. However, when they make a change to the database for their name I can't get the session variable updated. I've tried a number of things, but can't get the session variable to update until I close my browser. Any help is greatly appreciated. Cheers, Craig Craig A. Zingerline Advanced Media Productions Web Application Developer [EMAIL PROTECTED] Phone: 508.647.5151 Fax: 508.647.5150 -Original Message- From: Todd Ashworth [mailto:[EMAIL PROTECTED]] Sent: Friday, July 14, 2000 4:51 PM To: [EMAIL PROTECTED] Subject: Re: Session Management question I'm not 100% sure I understand your question. If their Session variable is a field that is different from their name, you don't have to do anything special. Just update the database as needed. If your SessionID IS their name, you might want to look into assigning the Session variable a value from a field that can't be changed .. perefferably a field with a value unique to that person. Or, to simply make the Session variable match the new name, just set the session variable to the new name right after it is updated in the database. Todd Ashworth - Original Message - From: "Craig A. Zingerline" <[EMAIL PROTECTED]> To: "cf-talk" <[EMAIL PROTECTED]> Sent: Friday, July 14, 2000 2:48 PM Subject: Session Management question | Hello, | | I have an application that allows a user to log in, and once authenticated | and logged in, their accountID is pulled from the database table and is set | in a session variable. From this, I want to display a welcome message | saying something like 'Hello, [contact name], you receive a [discount] % | discount.' Both the contact name and discount are stored in the table, | along with their AccountID. My question is this: If I want to allow that | user to be able to change their name while logged in, how do I make sure | that the session variable for the name is updated when they make a change? | I have had problems trying to get this to work. Thanks for any help. | | Sincerely, | | Craig -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: session management help please
As there is no responce to my original question, am i to determine that this either can not be done, or it is just that nobody on this list knows the answer? Rino >From: Seth Skager <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: session management help please >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > >I'm writing my first application. I will be useing a >secure section on my site you need to login to. I can >set up a logout linkto end a session. I can end a >session if the user closes the browser. my question >is, is there a way to kill or end the session if the >user navigates outside of my domain? For example, a >user is logged in on my site and clicks his home >button. Is there a way to end the session at that >point? > >thanx; >Rinopod > >__ >Do you Yahoo!? >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes >http://hotjobs.sweepstakes.yahoo.com/signingbonus > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
No way that I know of At 01:14 PM 1/17/2004, you wrote: >As there is no responce to my original question, am i to determine that this >either can not be done, or it is just that nobody on this list knows the >answer? > >Rino > > >From: Seth Skager <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: CF-Talk <[EMAIL PROTECTED]> > >Subject: session management help please > >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > > > >I'm writing my first application. I will be useing a > >secure section on my site you need to login to. I can > >set up a logout linkto end a session. I can end a > >session if the user closes the browser. my question > >is, is there a way to kill or end the session if the > >user navigates outside of my domain? For example, a > >user is logged in on my site and clicks his home > >button. Is there a way to end the session at that > >point? > > > >thanx; > >Rinopod > > > >__ > >Do you Yahoo!? > >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > >http://hotjobs.sweepstakes.yahoo.com/signingbonus > > > >-- >[ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
If the user is using the same browser window, use the OnUnload function of JS to check if the location is not within your domain. If so, close the session. - Original Message - From: NANCY SKAGER To: CF-Talk Sent: Saturday, January 17, 2004 1:14 PM Subject: RE: session management help please As there is no responce to my original question, am i to determine that this either can not be done, or it is just that nobody on this list knows the answer? Rino >From: Seth Skager <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: session management help please >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > >I'm writing my first application. I will be useing a >secure section on my site you need to login to. I can >set up a logout linkto end a session. I can end a >session if the user closes the browser. my question >is, is there a way to kill or end the session if the >user navigates outside of my domain? For example, a >user is logged in on my site and clicks his home >button. Is there a way to end the session at that >point? > >thanx; >Rinopod > >__ >Do you Yahoo!? >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes >http://hotjobs.sweepstakes.yahoo.com/signingbonus > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
NANCY SKAGER wrote: > As there is no responce to my original question, am i to determine that this > either can not be done, or it is just that nobody on this list knows the > answer? It can not be done reliably. It would require sending a message from the browser to the server the moment the browser navigates away. But the browser is under control from the visitor, not from you. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
Nevermind answered too soon. If there was a way to determine where the user was going, you could using the OnUnload event however not sure you can determine that. - Original Message - From: ColdFusion To: CF-Talk Sent: Saturday, January 17, 2004 1:35 PM Subject: Re: session management help please If the user is using the same browser window, use the OnUnload function of JS to check if the location is not within your domain. If so, close the session. - Original Message - From: NANCY SKAGER To: CF-Talk Sent: Saturday, January 17, 2004 1:14 PM Subject: RE: session management help please As there is no responce to my original question, am i to determine that this either can not be done, or it is just that nobody on this list knows the answer? Rino >From: Seth Skager <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: session management help please >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > >I'm writing my first application. I will be useing a >secure section on my site you need to login to. I can >set up a logout linkto end a session. I can end a >session if the user closes the browser. my question >is, is there a way to kill or end the session if the >user navigates outside of my domain? For example, a >user is logged in on my site and clicks his home >button. Is there a way to end the session at that >point? > >thanx; >Rinopod > >__ >Do you Yahoo!? >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes >http://hotjobs.sweepstakes.yahoo.com/signingbonus > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
Thank you so much... I thought that this was going to be the only way to pull this off. I guess at any rate I can add this to the macormedia wish list for the next version of coldfusion. Macormedia really needs to add a new and better tags for session management. ROFLMAO... If I was a better programmer at c or java, I'ld write my own custom tag to handle this and make lots of $$$! But for now I see that clodfusion can not do this so I need to crack open my dust covered JS books! Thanks for all your help; Rino >From: "ColdFusion" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: Re: session management help please >Date: Sat, 17 Jan 2004 13:35:19 -0500 > >If the user is using the same browser window, use the >OnUnload function of JS to check if the location is not within >your domain. If so, close the session. > > > - Original Message - > From: NANCY SKAGER > To: CF-Talk > Sent: Saturday, January 17, 2004 1:14 PM > Subject: RE: session management help please > > > As there is no responce to my original question, am i to determine that >this > either can not be done, or it is just that nobody on this list knows the > answer? > > Rino > > >From: Seth Skager <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: CF-Talk <[EMAIL PROTECTED]> > >Subject: session management help please > >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > > > >I'm writing my first application. I will be useing a > >secure section on my site you need to login to. I can > >set up a logout linkto end a session. I can end a > >session if the user closes the browser. my question > >is, is there a way to kill or end the session if the > >user navigates outside of my domain? For example, a > >user is logged in on my site and clicks his home > >button. Is there a way to end the session at that > >point? > > > >thanx; > >Rinopod > > > >__ > >Do you Yahoo!? > >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > >http://hotjobs.sweepstakes.yahoo.com/signingbonus > > > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
ColdFusion wrote:
> Nevermind answered too soon. If there was a way to determine
> where the user was going, you could using the OnUnload event
> however not sure you can determine that.
Naturally I don't know about you, but the prefs.js configuration
file of my Firebird profile has the following line:
user_pref("capability.policy.default.Window.onunload","noAccess");
This means that no onunload event gets fired ever, so your method
would fail.
Jochem
--
I don't get it
immigrants don't work
and steal our jobs
- Loesje
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
Re: session management help please
NANCY SKAGER wrote: > Thank you so much... I thought that this was going to be the only way to > pull this off. I guess at any rate I can add this to the macormedia wish > list for the next version of coldfusion. Macormedia really needs to add a > new and better tags for session management. IMHO, requesting client side features for ColdFusion does not make sense. > But for now I see that clodfusion can not do this so I need to crack open my > dust covered JS books! Which will not help you either. The visitor is in control. The visitor decides (through his browser policy) which event get sent back to the server. The choice whether a request should be send back to the server on event X is simply not up to the server. That is the way it works, and that is the way it should work. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
I'm wondering why Nancy wants to end session variables in the way she describes. Perhaps there are other ways of achieving her goal. For example, perhaps a clunky one, she could set very short lived session variables and refresh them on each page request for another very short period of time. When the visitor leaves her site, the session will end shortly thereafter. - Regards, Bob Haroche O n P o i n t S o l u t i o n s www.OnPointSolutions.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Great points Jochem, as always. Although this is no answer, I think this is part of the greater issues we hit sometimes when trying to take web browser based development beyond where it can comfortably go. In my mind we are hitting the ceiling of what can be done in a browser in many ways. Luckily Macromedia realize this, Central is a reflection of this IMHO. Kind Regards - Mike Brunt Webapper Services LLC Web Site http://www.webapper.com Blog http://www.webapper.net Webapper -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Saturday, January 17, 2004 11:42 AM To: CF-Talk Subject: Re: session management help please NANCY SKAGER wrote: > Thank you so much... I thought that this was going to be the only way to > pull this off. I guess at any rate I can add this to the macormedia wish > list for the next version of coldfusion. Macormedia really needs to add a > new and better tags for session management. IMHO, requesting client side features for ColdFusion does not make sense. > But for now I see that clodfusion can not do this so I need to crack open my > dust covered JS books! Which will not help you either. The visitor is in control. The visitor decides (through his browser policy) which event get sent back to the server. The choice whether a request should be send back to the server on event X is simply not up to the server. That is the way it works, and that is the way it should work. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> > I'm writing my first application. I will be useing a > > secure section on my site you need to login to. I can > > set up a logout linkto end a session. I can end a > > session if the user closes the browser. my question > > is, is there a way to kill or end the session if the > > user navigates outside of my domain? For example, a > > user is logged in on my site and clicks his home > > button. Is there a way to end the session at that > > point? > > As there is no responce to my original question, am i to > determine that this either can not be done, or it is just > that nobody on this list knows the answer? As Jochem pointed out, you can not do this reliably with web applications. This has nothing to do with ColdFusion, per se, but rather with the very nature of HTTP. You can implement a client-side solution using _javascript_, but you can't guarantee that it will work in all cases, and if your goal is security, it would probably have to work in all cases to be effective. Why exactly do you want to log the user out if she goes to a different page, anyway? What if the user clicks the "home" button by mistake? For most applications, it's sufficient to ensure that the session is disconnected when the user closes her browser. You can do this by creating "session" cookies which are destroyed when the browser is closed. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
the reason I would like to end sessions in thos way is the fact that a certain page on the site will have a chatroom on it. A user can spend a unknown amount of time there, then either surf to other sections of the site, of surf somewhere else. if the person does leave the site and then returns, I want them to have to sign in again. This is of course for reasons of security. I also will be adding a include file that that tells the number of active sessions out of the number of registered users. It will also include a link to see who is online. As you can see it will be wise to be albe to end a session if a user surfs away form the site. Any thoughts on this? thanks; Rino >From: "Bob Haroche" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: Re: session management help please >Date: Sat, 17 Jan 2004 12:33:46 -0800 > >I'm wondering why Nancy wants to end session variables in the way she >describes. Perhaps there are other ways of achieving her goal. > >For example, perhaps a clunky one, she could set very short lived >session variables and refresh them on each page request for another >very short period of time. When the visitor leaves her site, the >session will end shortly thereafter. > > >- >Regards, >Bob Haroche >O n P o i n t S o l u t i o n s >www.OnPointSolutions.com > > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Thank you so much... I thought that this was going to be the only way to pull this off. I guess at any rate I can add this to the macormedia wish list for the next version of coldfusion. Macormedia really needs to add a new and better tags for session management. ROFLMAO... If I was a better programmer at c or java, I'ld write my own custom tag to handle this and make lots of $$$! >> Well I wouldn't specifically blame Macromedia for this. That is just the way web browsers work. They are "stateless" so once a request is completed the web server doesn't give a damn what the client/browser does. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
You can check the HTTP_REFERER to see if they came from your domain or somewhere else So if they come in from anywhere outside of your domain, you can make them log in. If you really want to be strict about it, put a redirect in the http header that will log them out if they are inactive for more than x seconds. On the logout page you can clear/delete the sessions. If they leave the site without logging out, then you can delete any sessions that have been inactive for more than x seconds. You might chew up a lot of server resources doing this, but you could make your stats a little more accurate. Actually, now that i think about it, you don't neecessarily need the redirect, unless you want to clear the page of whatever was on it Hope that helps -w At 03:49 PM 1/17/2004, you wrote: >the reason I would like to end sessions in thos way is the fact that a >certain page on the site will have a chatroom on it. A user can spend a >unknown amount of time there, then either surf to other sections of the >site, of surf somewhere else. if the person does leave the site and then >returns, I want them to have to sign in again. This is of course for reasons >of security. I also will be adding a include file that that tells the number >of active sessions out of the number of registered users. It will also >include a link to see who is online. As you can see it will be wise to be >albe to end a session if a user surfs away form the site. Any thoughts on >this? > >thanks; >Rino > > >From: "Bob Haroche" <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: CF-Talk <[EMAIL PROTECTED]> > >Subject: Re: session management help please > >Date: Sat, 17 Jan 2004 12:33:46 -0800 > > > >I'm wondering why Nancy wants to end session variables in the way she > >describes. Perhaps there are other ways of achieving her goal. > > > >For example, perhaps a clunky one, she could set very short lived > >session variables and refresh them on each page request for another > >very short period of time. When the visitor leaves her site, the > >session will end shortly thereafter. > > > > > >- > >Regards, > >Bob Haroche > >O n P o i n t S o l u t i o n s > >www.OnPointSolutions.com > > > > > > > >-- >[ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> You can check the HTTP_REFERER to see if they came from your > domain or somewhere else > > So if they come in from anywhere outside of your domain, you > can make them log in. It's worth pointing out that as HTTP_REFERER is provided by the browser, it cannot be relied upon to be correct or even present. I think that it would only be sent by most browsers if the user clicks on a link from a referring page. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> the reason I would like to end sessions in thos way is the > fact that a certain page on the site will have a chatroom > on it. A user can spend a unknown amount of time there, then > either surf to other sections of the site, of surf somewhere > else. if the person does leave the site and then returns, I > want them to have to sign in again. This is of course for > reasons of security. I also will be adding a include file > that that tells the number of active sessions out of the > number of registered users. It will also include a link to > see who is online. As you can see it will be wise to be > albe to end a session if a user surfs away form the site. > Any thoughts on this? I think that you will be unable to accomplish this in an effective, useful and reliable manner. This simply isn't the way HTTP works. But in any case, I don't agree that it would necessarily be wise to be able to end a session if the user leaves the site. Unless you're concerned about people visiting your site from shared computers, it strikes me as overkill to force a user to login again after going to another page. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Finally it comes to this As an old time chatter myself, I know from experiance, that when you log into a chatroom you can be there anywhere from 5 minutes to a couple of hours. This is the only thing messing with my session management. As I states earlier, I would like to add a who's online link to this site. It would upset me if I logged in a site and it said a friend of mine was online and come to find out they left an hour ago but it still says they ar logged in. So I would need to set my timeout session to about 15 or 20 minutes, as there would be no reason to spend anymore time than that on any given page other than the chatroom page. Again the chatroom page is the only one that is messing with my session management. And yes, I want my chat page on the secured section of my site. Why you ask? Easy, you ever been to a chatroom where no matter what you do somebody has got to be a jerk? I want to be able to suspend account login if needed. DUH! I just had a thought, tell me if this would work. It sounds so simple that it wont work. What if on the chatroom window only I add a extra, very small frame, nothing in it but a little code. I refresh that frame, and that frame only, say every 2 minutes. In that case it should keep the session active, yet should not offer a big bog down in the chat applet. If someone surfs out of the chatroom page, it could load a new page either with out that frame or swap that frame to a page not coded for refresh. In this way useing cookies I could end the session if the browser closes, or by setting my time out the session would end shortly after the user leaves my domain. Will this work? I think it will, tell me what you think. One last quick question for the more expericenced. As you can tell this site will be a online community. It will also offer a e-store. Is it better to write two seperate applications (one for the store and the other to run the site) or, run them under one application? Thanks again; Rino >From: Dave Watts <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: RE: session management help please >Date: Sun, 18 Jan 2004 20:46:04 -0500 > > > You can check the HTTP_REFERER to see if they came from your > > domain or somewhere else > > > > So if they come in from anywhere outside of your domain, you > > can make them log in. > >It's worth pointing out that as HTTP_REFERER is provided by the browser, it >cannot be relied upon to be correct or even present. I think that it would >only be sent by most browsers if the user clicks on a link from a referring >page. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >phone: 202-797-5496 >fax: 202-797-5444 > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> As an old time chatter myself, I know from experiance, that > when you log into a chatroom you can be there anywhere from > 5 minutes to a couple of hours. This is the only thing messing > with my session management. As I states earlier, I would like > to add a who's online link to this site. It would upset me if > I logged in a site and it said a friend of mine was online > and come to find out they left an hour ago but it still says > they ar logged in. So I would need to set my timeout session > to about 15 or 20 minutes, as there would be no reason to > spend anymore time than that on any given page other than the > chatroom page. I'm not an expert on chat applications, but most chat software I've seen has the ability to list who's in the chat room at any given moment - chat applications typically maintain a connection to a chat server, and aren't limited by how HTTP works. Depending on the API of your chat software, you may be able to query it from CF to see who's in what room. > DUH! I just had a thought, tell me if this would > work. It sounds so simple that it wont work. What if on the > chatroom window only I add a extra, very small frame, nothing > in it but a little code. I refresh that frame, and that frame > only, say every 2 minutes. In that case it should keep the > session active, yet should not offer a big bog down in the > chat applet. If someone surfs out of the chatroom page, it > could load a new page either with out that frame or swap that > frame to a page not coded for refresh. In this way useing > cookies I could end the session if the browser closes, or by > setting my time out the session would end shortly after the > user leaves my domain. Will this work? I think it will, tell > me what you think. This will allow you to maintain the user's session while that user is within your chat page. This is a pretty common approach to this problem, I think. However, it will not end the session when the user goes to a page outside of your application, as you originally asked. > One last quick question for the more expericenced. As you can > tell this site will be a online community. It will also offer > a e-store. Is it better to write two seperate applications (one > for the store and the other to run the site) or, run them under > one application? If you want to share session data between your store and the rest of the site, it's probably easier to have them within a single application. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Thanks for your input Dave. This is my first time at writing a community, so the chat page lost me. I was trying s hard to think about how to end session management in the case of surfing somewhere else I missed what we call in my graphic design background the "Elegant Simplicity". As I said it never was an issue of the user surfing somewhere else, it was the thought of spending too much time in the chatroom. And no, like any online store, you wnat to move the product... There is no reason to share info from the store to the rest of the site, unless i would like to query the users personal info for shopping cart reasons, but that could be done on a seperate application, yet sending that query to the same database... not as easy as it sounds but you get what I mean... Thanks again Dave, and the rest of you too that commented. I did come up with the solution all on my own, but it was presenting the question to those that would listen that helped Thanks; Rino >From: Dave Watts <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: RE: session management help please >Date: Sun, 18 Jan 2004 22:43:17 -0500 > > > As an old time chatter myself, I know from experiance, that > > when you log into a chatroom you can be there anywhere from > > 5 minutes to a couple of hours. This is the only thing messing > > with my session management. As I states earlier, I would like > > to add a who's online link to this site. It would upset me if > > I logged in a site and it said a friend of mine was online > > and come to find out they left an hour ago but it still says > > they ar logged in. So I would need to set my timeout session > > to about 15 or 20 minutes, as there would be no reason to > > spend anymore time than that on any given page other than the > > chatroom page. > >I'm not an expert on chat applications, but most chat software I've seen >has >the ability to list who's in the chat room at any given moment - chat >applications typically maintain a connection to a chat server, and aren't >limited by how HTTP works. Depending on the API of your chat software, you >may be able to query it from CF to see who's in what room. > > > DUH! I just had a thought, tell me if this would > > work. It sounds so simple that it wont work. What if on the > > chatroom window only I add a extra, very small frame, nothing > > in it but a little code. I refresh that frame, and that frame > > only, say every 2 minutes. In that case it should keep the > > session active, yet should not offer a big bog down in the > > chat applet. If someone surfs out of the chatroom page, it > > could load a new page either with out that frame or swap that > > frame to a page not coded for refresh. In this way useing > > cookies I could end the session if the browser closes, or by > > setting my time out the session would end shortly after the > > user leaves my domain. Will this work? I think it will, tell > > me what you think. > >This will allow you to maintain the user's session while that user is >within >your chat page. This is a pretty common approach to this problem, I think. >However, it will not end the session when the user goes to a page outside >of >your application, as you originally asked. > > > One last quick question for the more expericenced. As you can > > tell this site will be a online community. It will also offer > > a e-store. Is it better to write two seperate applications (one > > for the store and the other to run the site) or, run them under > > one application? > >If you want to share session data between your store and the rest of the >site, it's probably easier to have them within a single application. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >phone: 202-797-5496 >fax: 202-797-5444 > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
- Original Message - From: "NANCY SKAGER" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Sunday, January 18, 2004 8:15 PM Subject: RE: session management help please > Finally it comes to this > > As an old time chatter myself, I know from experiance, that when you log > into a chatroom you can be there anywhere from 5 minutes to a couple of > hours. This is the only thing messing with my session management. As I > states earlier, I would like to add a who's online link to this site. It > would upset me if I logged in a site and it said a friend of mine was online > and come to find out they left an hour ago but it still says they ar logged > in. Is this your biggest concern - doing an accurate "Who's On" list? I'm not certain you can use CF to get any kind of an active-session list for a given application, so you'll need to maintain the list yourself anyway. How you manage that list needn't be related to your login-session managment. You'll need to maintain this list in a persistent data store such as CF's application scope, or in a database. You keep the list current by adding new users to the list when they enter the room, then you keep updating their "last visited" date/time whenever they retrieve a page. Drop users from the list by setting some timeout value of 'X' minutes and deleting those that have expired. This timeout value needn't be related in any way to the timeout of the user's login session. You could, for instance, have a session timeout of one hour, but could use a "Who's On" timeout of 10 minutes. Keep in mind, though, that with a very short who's on timeout, you might see what looks like odd user behavior. Most likely it will look like you have users who come in and leave and keep coming back again and again during what is actually a single visit. > So I would need to set my timeout session to about 15 or 20 minutes, as > there would be no reason to spend anymore time than that on any given page > other than the chatroom page. > > Again the chatroom page is the only one that is messing with my session > management. And yes, I want my chat page on the secured section of my site. > Why you ask? Easy, you ever been to a chatroom where no matter what you do > somebody has got to be a jerk? I want to be able to suspend account login if > needed. > > DUH! I just had a thought, tell me if this would work. It sounds > so simple that it wont work. What if on the chatroom window only I add a > extra, very small frame, nothing in it but a little code. I refresh that > frame, and that frame only, say every 2 minutes. In that case it should keep > the session active, yet should not offer a big bog down in the chat applet. > If someone surfs out of the chatroom page, it could load a new page either > with out that frame or swap that frame to a page not coded for refresh. In > this way useing cookies I could end the session if the browser closes, or by > setting my time out the session would end shortly after the user leaves my > domain. Will this work? I think it will, tell me what you think. Doing this would most likely have exactly the opposite desired effect. Someone goes to your chatroom page, and this bit of code keeps refreshing the page and keeping the user's session alive indefinitely. With absolutely no interaction on their part. They cold have left the computer and gone on vacation for all you know, but they'll appear to remain logged in. Same thing if they (like I do) have 20 browser windows open, forget about the chat window, and go off and visit another site in a different browser window, or start doing something else on the computer for a few hours. > One last quick question for the more expericenced. As you can tell this site > will be a online community. It will also offer a e-store. Is it better to > write two seperate applications (one for the store and the other to run the > site) or, run them under one application? If you have very short session timeouts (15 or 20 minutes qualifies), then it's going to be an inconvenience for shoppers unless you keep their shopping carts intact between sessions. Someone puts a dozen items in a shopping cart, gets a phone call, their session times out, and now they have to start shopping again - or not. An inconvenience for them, but ultimately the seller's loss. With reasonable timeouts, a single application is probably best. Probably easier for you to keep track of when coding and easier for your users. It's annoying to be forced to login repeately on different areas of the same web site. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
I see what you mean... Thanks for the insite Jim Thanks; Rino >From: "Jim McAtee" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: Re: session management help please >Date: Mon, 19 Jan 2004 01:52:18 -0700 > >- Original Message - >From: "NANCY SKAGER" <[EMAIL PROTECTED]> >To: "CF-Talk" <[EMAIL PROTECTED]> >Sent: Sunday, January 18, 2004 8:15 PM >Subject: RE: session management help please > > > > Finally it comes to this > > > > As an old time chatter myself, I know from experiance, that when you log > > into a chatroom you can be there anywhere from 5 minutes to a couple of > > hours. This is the only thing messing with my session management. As I > > states earlier, I would like to add a who's online link to this site. It > > would upset me if I logged in a site and it said a friend of mine was >online > > and come to find out they left an hour ago but it still says they ar >logged > > in. > >Is this your biggest concern - doing an accurate "Who's On" list? > >I'm not certain you can use CF to get any kind of an active-session list >for >a given application, so you'll need to maintain the list yourself anyway. > >How you manage that list needn't be related to your login-session >managment. >You'll need to maintain this list in a persistent data store such as CF's >application scope, or in a database. You keep the list current by adding >new >users to the list when they enter the room, then you keep updating their >"last visited" date/time whenever they retrieve a page. Drop users from >the >list by setting some timeout value of 'X' minutes and deleting those that >have expired. This timeout value needn't be related in any way to the >timeout of the user's login session. You could, for instance, have a >session >timeout of one hour, but could use a "Who's On" timeout of 10 minutes. >Keep >in mind, though, that with a very short who's on timeout, you might see >what >looks like odd user behavior. Most likely it will look like you have users >who come in and leave and keep coming back again and again during what is >actually a single visit. > > > So I would need to set my timeout session to about 15 or 20 minutes, as > > there would be no reason to spend anymore time than that on any given >page > > other than the chatroom page. > > > > Again the chatroom page is the only one that is messing with my session > > management. And yes, I want my chat page on the secured section of my >site. > > Why you ask? Easy, you ever been to a chatroom where no matter what you >do > > somebody has got to be a jerk? I want to be able to suspend account >login >if > > needed. > > > > DUH! I just had a thought, tell me if this would work. It >sounds > > so simple that it wont work. What if on the chatroom window only I add a > > extra, very small frame, nothing in it but a little code. I refresh that > > frame, and that frame only, say every 2 minutes. In that case it should >keep > > the session active, yet should not offer a big bog down in the chat >applet. > > If someone surfs out of the chatroom page, it could load a new page >either > > with out that frame or swap that frame to a page not coded for refresh. >In > > this way useing cookies I could end the session if the browser closes, >or >by > > setting my time out the session would end shortly after the user leaves >my > > domain. Will this work? I think it will, tell me what you think. > >Doing this would most likely have exactly the opposite desired effect. >Someone goes to your chatroom page, and this bit of code keeps refreshing >the >page and keeping the user's session alive indefinitely. With absolutely no >interaction on their part. They cold have left the computer and gone on >vacation for all you know, but they'll appear to remain logged in. Same >thing if they (like I do) have 20 browser windows open, forget about the >chat >window, and go off and visit another site in a different browser window, or >start doing something else on the computer for a few hours. > > > One last quick question for the more expericenced. As you can tell this >site > > will be a online community. It will also offer a e-store. Is it better >to > > write two seperate applications (one for the store and the other to run >the > > site) or, run them under one application? > >If you have very short session timeouts (15 or 20 m
Re: Session management with cookies enabled or disabled
See application.cfm in CFWACK 3rd ed p 656 (in Ch 27) best, paul At 11:29 AM 4/5/01 +1200, you wrote: >I am wondering if anyone has any ideas on recommended practices for session >management where the users may or may not have cookies enabled. ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Session management with cookies enabled or disabled
> I am wondering if anyone has any ideas on recommended practices for session > management where the users may or may not have cookies enabled. > This app is interesting in the way that it detects and handles cookies/URL tokens. It is pretty straight forward and may give you some ideas? http://cfhub.com/contributions/backbutton/ ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
