CODEWITHSUNDEEP
sessionbrowsercoldfusionapplication.cfc
Lucy
Lucy

Reputation: 21

Kill Session on browser close

My session is called "Session.MM_Username". I want to 'kill' it when a browser is closed. Can somebody explain how I might do this? For reference, here's my Application.cfc code:

<cfcomponent>
    <cfset this.applicationname="cfGossip">
    <cfset this.applicationname="true">
    <cfset this.sessionManagement = true />
</cfcomponent>

Upvotes: 1

Views: 2809

Answers (4)

Some Dude
Some Dude

Reputation: 207

When in doubt, Ben has the answer. http://www.bennadel.com/blog/1131-ask-ben-ending-coldfusion-session-when-user-closes-browser.htm

Basically, "you cannot force a session to end because a session is not something that is running (in the way that you think of a Windows application as running). These are all just chunks of memory space that get associated with different users. The best we can do is prevent a users' browser from re-associating with a given session on page refresh or page load. This will get the user to create a NEW session, but won't technically end the old session."

Just using session management with a session length long enough to do what a user may be doing, but not so long that it is active for days,

Upvotes: 0

ryber
ryber

Reputation: 4555

Your CFID and CFTOKEN cookies need to be set at session cookies like this:

<cfapplication     
     sessionmanagement="Yes"
     name="MyApplication"
     setclientcookies="No"
     sessiontimeout=#CreateTimeSpan(0, 0, 1440, 0)#>

<cfcookie name="CFID" value="#SESSION.CFID#" />
<cfcookie name="CFTOKEN" value="#SESSION.CFTOKEN#" />

Upvotes: 1

Henry
Henry

Reputation: 32885

Use J2EE servlet session management

http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7c48.html#WS88096532-E1B5-40d6-92CF-41A5E402994B

see slide 30, or watch the connect recording at http://www.12robots.com/index.cfm/2009/9/17/ColdFusion-Application-Security-at-the-Boston-CFUG--Last-Night

Upvotes: 2

David Wolever
David Wolever

Reputation: 154454

Basically, you need to create a "session cookie" - that is, a cookie with no expiry date. It will be removed when the browser window is closed.

I don't know how to do this off hand with CF, but this will probably help: http://www.google.com/search?q=cold+fusion+session+timeout

Possibly by setting:

this.sessiontimeout = ""

Upvotes: -1

Related Questions