Reputation: 77
Coldfusion Session Timeout
I'm hoping to get some ideas on handling session timeouts in coldfusion.
Right now, when a user logs in, I set session.LoggedIn to true, then of course, when the session times out, that changes to false. All of my coldfusion pages are coded to check for this variable and if it's false, it redirects to and Access Denied page. I changed that code to redirect to index.cfm where their credentials are validated and they're redirected back to their home page. The problem with doing it this way, is if they are in one of their applications and their session expires, when they click on something, they get taken back to their home page.
I tried using a cflocation tag in the OnSessionEnd function in Application.cfc, but of course that didn't work. It's not a real critical issue but I was hoping I could get some ideas from the forum on how you handle this in your environments.
Thanks
Upvotes: 0
Views: 1610
Answers (1)
Reputation: 10473
The SESSION scope is renewed on every page click, or access of the SESSION scope. So, if you have a session timeout set to 10 minutes, and they refresh their page every nine minutes, their session is renewed. They will never be timed out.
The session timeout doesn't start from the time the session is created.
Upvotes: 1
Related Questions
- Looking for suggestions on how to handle Coldfusion session timeout with cfc
- Using multiple SessionTimeout in Coldfusion
- ColdFusion session timing out too early
- Coldfusion different Session timeout lengths
- Coldfusion Session Timeout Application.cfc
- SessionTimeout not overrriding CF Administrator
- ColdFusion User login fails after session timeout
- Two different session timeouts
- ColdFusion sessions are not timing out? Why not?
- ColdFusion sessions not being timed out