refreshing CFID + CFTOKEN with client-side JavaScript?
I'm looking for a way of refreshing a user's session (i.e. setting the timeout back to 20 minutes or whatever) from the client-side - so users can click a button to refresh their session without the page they're on changing at all. How does CF manage session timeouts? I assume it's through the expire value of the CFID and/or CFTOKEN cookies. In which case, could I use client-side JavaScript to reset the expire value of these cookies? I've never used JS to manipulate cookies before: any ideas? - Gyrus - [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net - PGP key available __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: refreshing CFID + CFTOKEN with client-side JavaScript?
Q. How does CF manage session timeouts? A. CF session variables timeout is primarily controlled by setting the maximum and minimum timeout in your CF Administrator. However, the values controlled by the CF Server can be overridden by setting your own timeout in the CFAPPLCATION tag SESSIONTIMEOUT attribute. e.g. CFAPPLICATION NAME=ETurtle SESSIONTIMEOUT=#CreateTimeSpan(0, 0, 0, 60)# SESSIONMANAGEMENT=Yes Session variables are stored as cookies on the client machine by default, hence the cookie containing the CFID and CFToken. Hope this sheds a bit of light of session variable timeouts? -Original Message- From: Gyrus [mailto:[EMAIL PROTECTED]] Sent: 10 May 2002 13:48 To: CF-Talk Subject: refreshing CFID + CFTOKEN with client-side JavaScript? I'm looking for a way of refreshing a user's session (i.e. setting the timeout back to 20 minutes or whatever) from the client-side - so users can click a button to refresh their session without the page they're on changing at all. How does CF manage session timeouts? I assume it's through the expire value of the CFID and/or CFTOKEN cookies. In which case, could I use client-side JavaScript to reset the expire value of these cookies? I've never used JS to manipulate cookies before: any ideas? - Gyrus - [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net - PGP key available __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: refreshing CFID + CFTOKEN with client-side JavaScript?
hi gyrus, i'm reading between the lines here, but if i'm understanding you correctly, you want to make sure the session closes when the browser closes--then and only then. if that's the case, i don't think you need js. take a look at the state management tutorials at hal helms' site (http://www.halhelms.com). the viewlet builder that runs them is a pain because it won't resize to 800x600 (in my case), but the information is worth the nuisance. ~ dina - Original Message - From: Gyrus [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, May 10, 2002 7:48 AM Subject: refreshing CFID + CFTOKEN with client-side JavaScript? I'm looking for a way of refreshing a user's session (i.e. setting the timeout back to 20 minutes or whatever) from the client-side - so users can click a button to refresh their session without the page they're on changing at all. How does CF manage session timeouts? I assume it's through the expire value of the CFID and/or CFTOKEN cookies. In which case, could I use client-side JavaScript to reset the expire value of these cookies? I've never used JS to manipulate cookies before: any ideas? - Gyrus - [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net - PGP key available __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: refreshing CFID + CFTOKEN with client-side JavaScript?
- Original Message - From: Dina Hess [EMAIL PROTECTED] i'm reading between the lines here, but if i'm understanding you correctly, you want to make sure the session closes when the browser closes--then and only then. No - and I know about how to control the session variable to timeout from CF Admin or CFAPPLICATION, thanks Mike! :-) I thought I was pretty specific, but here it is again: How can I refresh the session on the client-side using JavaScript? I want the user to be able to press a button on a page which will have the same effect of any request to the server, i.e. CFID and CFTOKEN get reset to expire in 20 (or whatever) minutes. I just wanted to know: - Are CFID and CFTOKEN values within one cookie or separate cookies? - If separate, do both have their expire value set to the session timeout - meaning both would need to be refreshed to refresh the session - or is it just one of them? Which one? - Does anyone know how I would reset the expire value of the necessary cookie to 20 (or whatever) minutes using client-side JavaScript? Any help on this appreciated, - Gyrus - [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net - PGP key available __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: refreshing CFID + CFTOKEN with client-side JavaScript?
On Fri, 10 May 2002 15:08:48 +0100, in cf-talk you wrote: How can I refresh the session on the client-side using JavaScript? Use a hidden frame or iframe that does a document.location via Javascript when your button is clicked. Fiddling with cookies won't get you anywhere... CF has to receive a new request before the timeout period. -- Roger __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: refreshing CFID + CFTOKEN with client-side JavaScript?
- Are CFID and CFTOKEN values within one cookie or separate cookies? the cfid and cftoken cookies (variables) are stored within one file on the client browser. - If separate, do both have their expire value set to the session timeout - meaning both would need to be refreshed to refresh the session - or is it just one of them? Which one? expire values are not set in client cookies. from forta: SESSION variables use cookies to store copies of the CFID and CFTOKEN in order to track the user to one particular browser. However, no other information is stored in cookies. - Does anyone know how I would reset the expire value of the necessary cookie to 20 (or whatever) minutes using client-side JavaScript? session timeout information is not stored with cfid and cftoken in client cookies. in your cfapplication tag, you can setclientcookies='no', then set cookie-scoped cfid and cftoken variables equal to the session-scoped cfid and cftoken variables. since cookie scope does not persist, your cookies will remain intact only until the browser is closed. this technique eliminates two problems: 1) clients with cookies disabled and, 2) session variables persisting after the user has closed his browser. ~ dina __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: refreshing CFID + CFTOKEN with client-side JavaScript?
in your cfapplication tag, you can setclientcookies='no', then set cookie-scoped cfid and cftoken variables equal to the session-scoped cfid and cftoken variables. since cookie scope does not persist, your cookies will remain intact only until the browser is closed. this technique eliminates two problems: 1) clients with cookies disabled and, 2) session variables persisting after the user has closed his browser. There are two issues with what you've stated. First, the cookie scope can very well persist; it doesn't persist if you omit the EXPIRES attribute in your CFCOOKIE tag, which will create what is often called a session cookie. Second, if the client has cookies completely disabled, this will include session cookies, so you'd then have to pass the CFID and CFTOKEN values from the browser to the server on each subsequent request, either via URL or Form variables. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: refreshing CFID + CFTOKEN with client-side JavaScript?
yes, those are both good points to consider. thank you for the clarification. :) ~ dina - Original Message - From: Dave Watts [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, May 10, 2002 12:49 PM Subject: RE: refreshing CFID + CFTOKEN with client-side JavaScript? in your cfapplication tag, you can setclientcookies='no', then set cookie-scoped cfid and cftoken variables equal to the session-scoped cfid and cftoken variables. since cookie scope does not persist, your cookies will remain intact only until the browser is closed. this technique eliminates two problems: 1) clients with cookies disabled and, 2) session variables persisting after the user has closed his browser. There are two issues with what you've stated. First, the cookie scope can very well persist; it doesn't persist if you omit the EXPIRES attribute in your CFCOOKIE tag, which will create what is often called a session cookie. Second, if the client has cookies completely disabled, this will include session cookies, so you'd then have to pass the CFID and CFTOKEN values from the browser to the server on each subsequent request, either via URL or Form variables. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: refreshing CFID + CFTOKEN with client-side JavaScript?
- Original Message - From: Roger B. [EMAIL PROTECTED] How can I refresh the session on the client-side using JavaScript? Use a hidden frame or iframe that does a document.location via Javascript when your button is clicked. Fiddling with cookies won't get you anywhere... CF has to receive a new request before the timeout period. Thanks, I just needed to know if you could sort the session timeout client-side with JS cookie manipulation. I was thinking I'd have to use a frame, though... What I'll have is a session timer in a thin frame across the top - a JS-based clock counting down from 20 minutes, so users know when their time is up. This is for forms that might take longer to fill in (content formatting using ezEdit, etc.). If there's a refresh button in the frame, they can refresh their session before it times out and carry on formatting. thanks again, - Gyrus - [EMAIL PROTECTED] work: http://www.tengai.co.uk play: http://www.norlonto.net - PGP key available __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists