session management help please
I'm writing my first application. I will be useing a secure section on my site you need to login to. I can set up a logout linkto end a session. I can end a session if the user closes the browser. my question is, is there a way to kill or end the session if the user navigates outside of my domain? For example, a user is logged in on my site and clicks his home button. Is there a way to end the session at that point? thanx; Rinopod __ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
As there is no responce to my original question, am i to determine that this either can not be done, or it is just that nobody on this list knows the answer? Rino >From: Seth Skager <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: session management help please >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > >I'm writing my first application. I will be useing a >secure section on my site you need to login to. I can >set up a logout linkto end a session. I can end a >session if the user closes the browser. my question >is, is there a way to kill or end the session if the >user navigates outside of my domain? For example, a >user is logged in on my site and clicks his home >button. Is there a way to end the session at that >point? > >thanx; >Rinopod > >__ >Do you Yahoo!? >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes >http://hotjobs.sweepstakes.yahoo.com/signingbonus > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
No way that I know of At 01:14 PM 1/17/2004, you wrote: >As there is no responce to my original question, am i to determine that this >either can not be done, or it is just that nobody on this list knows the >answer? > >Rino > > >From: Seth Skager <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: CF-Talk <[EMAIL PROTECTED]> > >Subject: session management help please > >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > > > >I'm writing my first application. I will be useing a > >secure section on my site you need to login to. I can > >set up a logout linkto end a session. I can end a > >session if the user closes the browser. my question > >is, is there a way to kill or end the session if the > >user navigates outside of my domain? For example, a > >user is logged in on my site and clicks his home > >button. Is there a way to end the session at that > >point? > > > >thanx; > >Rinopod > > > >__ > >Do you Yahoo!? > >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > >http://hotjobs.sweepstakes.yahoo.com/signingbonus > > > >-- >[ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
If the user is using the same browser window, use the OnUnload function of JS to check if the location is not within your domain. If so, close the session. - Original Message - From: NANCY SKAGER To: CF-Talk Sent: Saturday, January 17, 2004 1:14 PM Subject: RE: session management help please As there is no responce to my original question, am i to determine that this either can not be done, or it is just that nobody on this list knows the answer? Rino >From: Seth Skager <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: session management help please >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > >I'm writing my first application. I will be useing a >secure section on my site you need to login to. I can >set up a logout linkto end a session. I can end a >session if the user closes the browser. my question >is, is there a way to kill or end the session if the >user navigates outside of my domain? For example, a >user is logged in on my site and clicks his home >button. Is there a way to end the session at that >point? > >thanx; >Rinopod > >__ >Do you Yahoo!? >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes >http://hotjobs.sweepstakes.yahoo.com/signingbonus > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
NANCY SKAGER wrote: > As there is no responce to my original question, am i to determine that this > either can not be done, or it is just that nobody on this list knows the > answer? It can not be done reliably. It would require sending a message from the browser to the server the moment the browser navigates away. But the browser is under control from the visitor, not from you. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
Nevermind answered too soon. If there was a way to determine where the user was going, you could using the OnUnload event however not sure you can determine that. - Original Message - From: ColdFusion To: CF-Talk Sent: Saturday, January 17, 2004 1:35 PM Subject: Re: session management help please If the user is using the same browser window, use the OnUnload function of JS to check if the location is not within your domain. If so, close the session. - Original Message - From: NANCY SKAGER To: CF-Talk Sent: Saturday, January 17, 2004 1:14 PM Subject: RE: session management help please As there is no responce to my original question, am i to determine that this either can not be done, or it is just that nobody on this list knows the answer? Rino >From: Seth Skager <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: session management help please >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > >I'm writing my first application. I will be useing a >secure section on my site you need to login to. I can >set up a logout linkto end a session. I can end a >session if the user closes the browser. my question >is, is there a way to kill or end the session if the >user navigates outside of my domain? For example, a >user is logged in on my site and clicks his home >button. Is there a way to end the session at that >point? > >thanx; >Rinopod > >__ >Do you Yahoo!? >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes >http://hotjobs.sweepstakes.yahoo.com/signingbonus > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
Thank you so much... I thought that this was going to be the only way to pull this off. I guess at any rate I can add this to the macormedia wish list for the next version of coldfusion. Macormedia really needs to add a new and better tags for session management. ROFLMAO... If I was a better programmer at c or java, I'ld write my own custom tag to handle this and make lots of $$$! But for now I see that clodfusion can not do this so I need to crack open my dust covered JS books! Thanks for all your help; Rino >From: "ColdFusion" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: Re: session management help please >Date: Sat, 17 Jan 2004 13:35:19 -0500 > >If the user is using the same browser window, use the >OnUnload function of JS to check if the location is not within >your domain. If so, close the session. > > > - Original Message - > From: NANCY SKAGER > To: CF-Talk > Sent: Saturday, January 17, 2004 1:14 PM > Subject: RE: session management help please > > > As there is no responce to my original question, am i to determine that >this > either can not be done, or it is just that nobody on this list knows the > answer? > > Rino > > >From: Seth Skager <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: CF-Talk <[EMAIL PROTECTED]> > >Subject: session management help please > >Date: Tue, 13 Jan 2004 20:30:34 -0800 (PST) > > > >I'm writing my first application. I will be useing a > >secure section on my site you need to login to. I can > >set up a logout linkto end a session. I can end a > >session if the user closes the browser. my question > >is, is there a way to kill or end the session if the > >user navigates outside of my domain? For example, a > >user is logged in on my site and clicks his home > >button. Is there a way to end the session at that > >point? > > > >thanx; > >Rinopod > > > >__ > >Do you Yahoo!? > >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > >http://hotjobs.sweepstakes.yahoo.com/signingbonus > > > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
ColdFusion wrote:
> Nevermind answered too soon. If there was a way to determine
> where the user was going, you could using the OnUnload event
> however not sure you can determine that.
Naturally I don't know about you, but the prefs.js configuration
file of my Firebird profile has the following line:
user_pref("capability.policy.default.Window.onunload","noAccess");
This means that no onunload event gets fired ever, so your method
would fail.
Jochem
--
I don't get it
immigrants don't work
and steal our jobs
- Loesje
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
Re: session management help please
NANCY SKAGER wrote: > Thank you so much... I thought that this was going to be the only way to > pull this off. I guess at any rate I can add this to the macormedia wish > list for the next version of coldfusion. Macormedia really needs to add a > new and better tags for session management. IMHO, requesting client side features for ColdFusion does not make sense. > But for now I see that clodfusion can not do this so I need to crack open my > dust covered JS books! Which will not help you either. The visitor is in control. The visitor decides (through his browser policy) which event get sent back to the server. The choice whether a request should be send back to the server on event X is simply not up to the server. That is the way it works, and that is the way it should work. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
I'm wondering why Nancy wants to end session variables in the way she describes. Perhaps there are other ways of achieving her goal. For example, perhaps a clunky one, she could set very short lived session variables and refresh them on each page request for another very short period of time. When the visitor leaves her site, the session will end shortly thereafter. - Regards, Bob Haroche O n P o i n t S o l u t i o n s www.OnPointSolutions.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Great points Jochem, as always. Although this is no answer, I think this is part of the greater issues we hit sometimes when trying to take web browser based development beyond where it can comfortably go. In my mind we are hitting the ceiling of what can be done in a browser in many ways. Luckily Macromedia realize this, Central is a reflection of this IMHO. Kind Regards - Mike Brunt Webapper Services LLC Web Site http://www.webapper.com Blog http://www.webapper.net Webapper -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Saturday, January 17, 2004 11:42 AM To: CF-Talk Subject: Re: session management help please NANCY SKAGER wrote: > Thank you so much... I thought that this was going to be the only way to > pull this off. I guess at any rate I can add this to the macormedia wish > list for the next version of coldfusion. Macormedia really needs to add a > new and better tags for session management. IMHO, requesting client side features for ColdFusion does not make sense. > But for now I see that clodfusion can not do this so I need to crack open my > dust covered JS books! Which will not help you either. The visitor is in control. The visitor decides (through his browser policy) which event get sent back to the server. The choice whether a request should be send back to the server on event X is simply not up to the server. That is the way it works, and that is the way it should work. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> > I'm writing my first application. I will be useing a > > secure section on my site you need to login to. I can > > set up a logout linkto end a session. I can end a > > session if the user closes the browser. my question > > is, is there a way to kill or end the session if the > > user navigates outside of my domain? For example, a > > user is logged in on my site and clicks his home > > button. Is there a way to end the session at that > > point? > > As there is no responce to my original question, am i to > determine that this either can not be done, or it is just > that nobody on this list knows the answer? As Jochem pointed out, you can not do this reliably with web applications. This has nothing to do with ColdFusion, per se, but rather with the very nature of HTTP. You can implement a client-side solution using _javascript_, but you can't guarantee that it will work in all cases, and if your goal is security, it would probably have to work in all cases to be effective. Why exactly do you want to log the user out if she goes to a different page, anyway? What if the user clicks the "home" button by mistake? For most applications, it's sufficient to ensure that the session is disconnected when the user closes her browser. You can do this by creating "session" cookies which are destroyed when the browser is closed. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
the reason I would like to end sessions in thos way is the fact that a certain page on the site will have a chatroom on it. A user can spend a unknown amount of time there, then either surf to other sections of the site, of surf somewhere else. if the person does leave the site and then returns, I want them to have to sign in again. This is of course for reasons of security. I also will be adding a include file that that tells the number of active sessions out of the number of registered users. It will also include a link to see who is online. As you can see it will be wise to be albe to end a session if a user surfs away form the site. Any thoughts on this? thanks; Rino >From: "Bob Haroche" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: Re: session management help please >Date: Sat, 17 Jan 2004 12:33:46 -0800 > >I'm wondering why Nancy wants to end session variables in the way she >describes. Perhaps there are other ways of achieving her goal. > >For example, perhaps a clunky one, she could set very short lived >session variables and refresh them on each page request for another >very short period of time. When the visitor leaves her site, the >session will end shortly thereafter. > > >- >Regards, >Bob Haroche >O n P o i n t S o l u t i o n s >www.OnPointSolutions.com > > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Thank you so much... I thought that this was going to be the only way to pull this off. I guess at any rate I can add this to the macormedia wish list for the next version of coldfusion. Macormedia really needs to add a new and better tags for session management. ROFLMAO... If I was a better programmer at c or java, I'ld write my own custom tag to handle this and make lots of $$$! >> Well I wouldn't specifically blame Macromedia for this. That is just the way web browsers work. They are "stateless" so once a request is completed the web server doesn't give a damn what the client/browser does. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
You can check the HTTP_REFERER to see if they came from your domain or somewhere else So if they come in from anywhere outside of your domain, you can make them log in. If you really want to be strict about it, put a redirect in the http header that will log them out if they are inactive for more than x seconds. On the logout page you can clear/delete the sessions. If they leave the site without logging out, then you can delete any sessions that have been inactive for more than x seconds. You might chew up a lot of server resources doing this, but you could make your stats a little more accurate. Actually, now that i think about it, you don't neecessarily need the redirect, unless you want to clear the page of whatever was on it Hope that helps -w At 03:49 PM 1/17/2004, you wrote: >the reason I would like to end sessions in thos way is the fact that a >certain page on the site will have a chatroom on it. A user can spend a >unknown amount of time there, then either surf to other sections of the >site, of surf somewhere else. if the person does leave the site and then >returns, I want them to have to sign in again. This is of course for reasons >of security. I also will be adding a include file that that tells the number >of active sessions out of the number of registered users. It will also >include a link to see who is online. As you can see it will be wise to be >albe to end a session if a user surfs away form the site. Any thoughts on >this? > >thanks; >Rino > > >From: "Bob Haroche" <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: CF-Talk <[EMAIL PROTECTED]> > >Subject: Re: session management help please > >Date: Sat, 17 Jan 2004 12:33:46 -0800 > > > >I'm wondering why Nancy wants to end session variables in the way she > >describes. Perhaps there are other ways of achieving her goal. > > > >For example, perhaps a clunky one, she could set very short lived > >session variables and refresh them on each page request for another > >very short period of time. When the visitor leaves her site, the > >session will end shortly thereafter. > > > > > >- > >Regards, > >Bob Haroche > >O n P o i n t S o l u t i o n s > >www.OnPointSolutions.com > > > > > > > >-- >[ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> You can check the HTTP_REFERER to see if they came from your > domain or somewhere else > > So if they come in from anywhere outside of your domain, you > can make them log in. It's worth pointing out that as HTTP_REFERER is provided by the browser, it cannot be relied upon to be correct or even present. I think that it would only be sent by most browsers if the user clicks on a link from a referring page. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> the reason I would like to end sessions in thos way is the > fact that a certain page on the site will have a chatroom > on it. A user can spend a unknown amount of time there, then > either surf to other sections of the site, of surf somewhere > else. if the person does leave the site and then returns, I > want them to have to sign in again. This is of course for > reasons of security. I also will be adding a include file > that that tells the number of active sessions out of the > number of registered users. It will also include a link to > see who is online. As you can see it will be wise to be > albe to end a session if a user surfs away form the site. > Any thoughts on this? I think that you will be unable to accomplish this in an effective, useful and reliable manner. This simply isn't the way HTTP works. But in any case, I don't agree that it would necessarily be wise to be able to end a session if the user leaves the site. Unless you're concerned about people visiting your site from shared computers, it strikes me as overkill to force a user to login again after going to another page. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Finally it comes to this As an old time chatter myself, I know from experiance, that when you log into a chatroom you can be there anywhere from 5 minutes to a couple of hours. This is the only thing messing with my session management. As I states earlier, I would like to add a who's online link to this site. It would upset me if I logged in a site and it said a friend of mine was online and come to find out they left an hour ago but it still says they ar logged in. So I would need to set my timeout session to about 15 or 20 minutes, as there would be no reason to spend anymore time than that on any given page other than the chatroom page. Again the chatroom page is the only one that is messing with my session management. And yes, I want my chat page on the secured section of my site. Why you ask? Easy, you ever been to a chatroom where no matter what you do somebody has got to be a jerk? I want to be able to suspend account login if needed. DUH! I just had a thought, tell me if this would work. It sounds so simple that it wont work. What if on the chatroom window only I add a extra, very small frame, nothing in it but a little code. I refresh that frame, and that frame only, say every 2 minutes. In that case it should keep the session active, yet should not offer a big bog down in the chat applet. If someone surfs out of the chatroom page, it could load a new page either with out that frame or swap that frame to a page not coded for refresh. In this way useing cookies I could end the session if the browser closes, or by setting my time out the session would end shortly after the user leaves my domain. Will this work? I think it will, tell me what you think. One last quick question for the more expericenced. As you can tell this site will be a online community. It will also offer a e-store. Is it better to write two seperate applications (one for the store and the other to run the site) or, run them under one application? Thanks again; Rino >From: Dave Watts <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: RE: session management help please >Date: Sun, 18 Jan 2004 20:46:04 -0500 > > > You can check the HTTP_REFERER to see if they came from your > > domain or somewhere else > > > > So if they come in from anywhere outside of your domain, you > > can make them log in. > >It's worth pointing out that as HTTP_REFERER is provided by the browser, it >cannot be relied upon to be correct or even present. I think that it would >only be sent by most browsers if the user clicks on a link from a referring >page. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >phone: 202-797-5496 >fax: 202-797-5444 > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
> As an old time chatter myself, I know from experiance, that > when you log into a chatroom you can be there anywhere from > 5 minutes to a couple of hours. This is the only thing messing > with my session management. As I states earlier, I would like > to add a who's online link to this site. It would upset me if > I logged in a site and it said a friend of mine was online > and come to find out they left an hour ago but it still says > they ar logged in. So I would need to set my timeout session > to about 15 or 20 minutes, as there would be no reason to > spend anymore time than that on any given page other than the > chatroom page. I'm not an expert on chat applications, but most chat software I've seen has the ability to list who's in the chat room at any given moment - chat applications typically maintain a connection to a chat server, and aren't limited by how HTTP works. Depending on the API of your chat software, you may be able to query it from CF to see who's in what room. > DUH! I just had a thought, tell me if this would > work. It sounds so simple that it wont work. What if on the > chatroom window only I add a extra, very small frame, nothing > in it but a little code. I refresh that frame, and that frame > only, say every 2 minutes. In that case it should keep the > session active, yet should not offer a big bog down in the > chat applet. If someone surfs out of the chatroom page, it > could load a new page either with out that frame or swap that > frame to a page not coded for refresh. In this way useing > cookies I could end the session if the browser closes, or by > setting my time out the session would end shortly after the > user leaves my domain. Will this work? I think it will, tell > me what you think. This will allow you to maintain the user's session while that user is within your chat page. This is a pretty common approach to this problem, I think. However, it will not end the session when the user goes to a page outside of your application, as you originally asked. > One last quick question for the more expericenced. As you can > tell this site will be a online community. It will also offer > a e-store. Is it better to write two seperate applications (one > for the store and the other to run the site) or, run them under > one application? If you want to share session data between your store and the rest of the site, it's probably easier to have them within a single application. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: session management help please
Thanks for your input Dave. This is my first time at writing a community, so the chat page lost me. I was trying s hard to think about how to end session management in the case of surfing somewhere else I missed what we call in my graphic design background the "Elegant Simplicity". As I said it never was an issue of the user surfing somewhere else, it was the thought of spending too much time in the chatroom. And no, like any online store, you wnat to move the product... There is no reason to share info from the store to the rest of the site, unless i would like to query the users personal info for shopping cart reasons, but that could be done on a seperate application, yet sending that query to the same database... not as easy as it sounds but you get what I mean... Thanks again Dave, and the rest of you too that commented. I did come up with the solution all on my own, but it was presenting the question to those that would listen that helped Thanks; Rino >From: Dave Watts <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: RE: session management help please >Date: Sun, 18 Jan 2004 22:43:17 -0500 > > > As an old time chatter myself, I know from experiance, that > > when you log into a chatroom you can be there anywhere from > > 5 minutes to a couple of hours. This is the only thing messing > > with my session management. As I states earlier, I would like > > to add a who's online link to this site. It would upset me if > > I logged in a site and it said a friend of mine was online > > and come to find out they left an hour ago but it still says > > they ar logged in. So I would need to set my timeout session > > to about 15 or 20 minutes, as there would be no reason to > > spend anymore time than that on any given page other than the > > chatroom page. > >I'm not an expert on chat applications, but most chat software I've seen >has >the ability to list who's in the chat room at any given moment - chat >applications typically maintain a connection to a chat server, and aren't >limited by how HTTP works. Depending on the API of your chat software, you >may be able to query it from CF to see who's in what room. > > > DUH! I just had a thought, tell me if this would > > work. It sounds so simple that it wont work. What if on the > > chatroom window only I add a extra, very small frame, nothing > > in it but a little code. I refresh that frame, and that frame > > only, say every 2 minutes. In that case it should keep the > > session active, yet should not offer a big bog down in the > > chat applet. If someone surfs out of the chatroom page, it > > could load a new page either with out that frame or swap that > > frame to a page not coded for refresh. In this way useing > > cookies I could end the session if the browser closes, or by > > setting my time out the session would end shortly after the > > user leaves my domain. Will this work? I think it will, tell > > me what you think. > >This will allow you to maintain the user's session while that user is >within >your chat page. This is a pretty common approach to this problem, I think. >However, it will not end the session when the user goes to a page outside >of >your application, as you originally asked. > > > One last quick question for the more expericenced. As you can > > tell this site will be a online community. It will also offer > > a e-store. Is it better to write two seperate applications (one > > for the store and the other to run the site) or, run them under > > one application? > >If you want to share session data between your store and the rest of the >site, it's probably easier to have them within a single application. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >phone: 202-797-5496 >fax: 202-797-5444 > > [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
- Original Message - From: "NANCY SKAGER" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Sunday, January 18, 2004 8:15 PM Subject: RE: session management help please > Finally it comes to this > > As an old time chatter myself, I know from experiance, that when you log > into a chatroom you can be there anywhere from 5 minutes to a couple of > hours. This is the only thing messing with my session management. As I > states earlier, I would like to add a who's online link to this site. It > would upset me if I logged in a site and it said a friend of mine was online > and come to find out they left an hour ago but it still says they ar logged > in. Is this your biggest concern - doing an accurate "Who's On" list? I'm not certain you can use CF to get any kind of an active-session list for a given application, so you'll need to maintain the list yourself anyway. How you manage that list needn't be related to your login-session managment. You'll need to maintain this list in a persistent data store such as CF's application scope, or in a database. You keep the list current by adding new users to the list when they enter the room, then you keep updating their "last visited" date/time whenever they retrieve a page. Drop users from the list by setting some timeout value of 'X' minutes and deleting those that have expired. This timeout value needn't be related in any way to the timeout of the user's login session. You could, for instance, have a session timeout of one hour, but could use a "Who's On" timeout of 10 minutes. Keep in mind, though, that with a very short who's on timeout, you might see what looks like odd user behavior. Most likely it will look like you have users who come in and leave and keep coming back again and again during what is actually a single visit. > So I would need to set my timeout session to about 15 or 20 minutes, as > there would be no reason to spend anymore time than that on any given page > other than the chatroom page. > > Again the chatroom page is the only one that is messing with my session > management. And yes, I want my chat page on the secured section of my site. > Why you ask? Easy, you ever been to a chatroom where no matter what you do > somebody has got to be a jerk? I want to be able to suspend account login if > needed. > > DUH! I just had a thought, tell me if this would work. It sounds > so simple that it wont work. What if on the chatroom window only I add a > extra, very small frame, nothing in it but a little code. I refresh that > frame, and that frame only, say every 2 minutes. In that case it should keep > the session active, yet should not offer a big bog down in the chat applet. > If someone surfs out of the chatroom page, it could load a new page either > with out that frame or swap that frame to a page not coded for refresh. In > this way useing cookies I could end the session if the browser closes, or by > setting my time out the session would end shortly after the user leaves my > domain. Will this work? I think it will, tell me what you think. Doing this would most likely have exactly the opposite desired effect. Someone goes to your chatroom page, and this bit of code keeps refreshing the page and keeping the user's session alive indefinitely. With absolutely no interaction on their part. They cold have left the computer and gone on vacation for all you know, but they'll appear to remain logged in. Same thing if they (like I do) have 20 browser windows open, forget about the chat window, and go off and visit another site in a different browser window, or start doing something else on the computer for a few hours. > One last quick question for the more expericenced. As you can tell this site > will be a online community. It will also offer a e-store. Is it better to > write two seperate applications (one for the store and the other to run the > site) or, run them under one application? If you have very short session timeouts (15 or 20 minutes qualifies), then it's going to be an inconvenience for shoppers unless you keep their shopping carts intact between sessions. Someone puts a dozen items in a shopping cart, gets a phone call, their session times out, and now they have to start shopping again - or not. An inconvenience for them, but ultimately the seller's loss. With reasonable timeouts, a single application is probably best. Probably easier for you to keep track of when coding and easier for your users. It's annoying to be forced to login repeately on different areas of the same web site. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: session management help please
I see what you mean... Thanks for the insite Jim Thanks; Rino >From: "Jim McAtee" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: CF-Talk <[EMAIL PROTECTED]> >Subject: Re: session management help please >Date: Mon, 19 Jan 2004 01:52:18 -0700 > >- Original Message - >From: "NANCY SKAGER" <[EMAIL PROTECTED]> >To: "CF-Talk" <[EMAIL PROTECTED]> >Sent: Sunday, January 18, 2004 8:15 PM >Subject: RE: session management help please > > > > Finally it comes to this > > > > As an old time chatter myself, I know from experiance, that when you log > > into a chatroom you can be there anywhere from 5 minutes to a couple of > > hours. This is the only thing messing with my session management. As I > > states earlier, I would like to add a who's online link to this site. It > > would upset me if I logged in a site and it said a friend of mine was >online > > and come to find out they left an hour ago but it still says they ar >logged > > in. > >Is this your biggest concern - doing an accurate "Who's On" list? > >I'm not certain you can use CF to get any kind of an active-session list >for >a given application, so you'll need to maintain the list yourself anyway. > >How you manage that list needn't be related to your login-session >managment. >You'll need to maintain this list in a persistent data store such as CF's >application scope, or in a database. You keep the list current by adding >new >users to the list when they enter the room, then you keep updating their >"last visited" date/time whenever they retrieve a page. Drop users from >the >list by setting some timeout value of 'X' minutes and deleting those that >have expired. This timeout value needn't be related in any way to the >timeout of the user's login session. You could, for instance, have a >session >timeout of one hour, but could use a "Who's On" timeout of 10 minutes. >Keep >in mind, though, that with a very short who's on timeout, you might see >what >looks like odd user behavior. Most likely it will look like you have users >who come in and leave and keep coming back again and again during what is >actually a single visit. > > > So I would need to set my timeout session to about 15 or 20 minutes, as > > there would be no reason to spend anymore time than that on any given >page > > other than the chatroom page. > > > > Again the chatroom page is the only one that is messing with my session > > management. And yes, I want my chat page on the secured section of my >site. > > Why you ask? Easy, you ever been to a chatroom where no matter what you >do > > somebody has got to be a jerk? I want to be able to suspend account >login >if > > needed. > > > > DUH! I just had a thought, tell me if this would work. It >sounds > > so simple that it wont work. What if on the chatroom window only I add a > > extra, very small frame, nothing in it but a little code. I refresh that > > frame, and that frame only, say every 2 minutes. In that case it should >keep > > the session active, yet should not offer a big bog down in the chat >applet. > > If someone surfs out of the chatroom page, it could load a new page >either > > with out that frame or swap that frame to a page not coded for refresh. >In > > this way useing cookies I could end the session if the browser closes, >or >by > > setting my time out the session would end shortly after the user leaves >my > > domain. Will this work? I think it will, tell me what you think. > >Doing this would most likely have exactly the opposite desired effect. >Someone goes to your chatroom page, and this bit of code keeps refreshing >the >page and keeping the user's session alive indefinitely. With absolutely no >interaction on their part. They cold have left the computer and gone on >vacation for all you know, but they'll appear to remain logged in. Same >thing if they (like I do) have 20 browser windows open, forget about the >chat >window, and go off and visit another site in a different browser window, or >start doing something else on the computer for a few hours. > > > One last quick question for the more expericenced. As you can tell this >site > > will be a online community. It will also offer a e-store. Is it better >to > > write two seperate applications (one for the store and the other to run >the > > site) or, run them under one application? > >If you have very short session timeouts (15 or 20 m
