Reputation: 515
SessionTimeout not overrriding CF Administrator
I've got a website with a simple login. After 20 minutes, if the user has been inactive, his session expires, and if he tries to save his work (usually a book review that takes longer than 20 minutes to complete), he's logged out and loses everything.
The code is six years old and I was never able to solve this problem. I was using application.cfm at the time, and have now replaced it with application.cfc:
<cfcomponent>
<!--- Set up the application. --->
<cfset THIS.Name = "SCR" />
<cfset THIS.ApplicationTimeout = CreateTimeSpan( 0, 12, 0, 0 ) />
<cfset THIS.SessionManagement = true />
<cfset THIS.SessionTimeout = CreateTimeSpan( 0, 3, 0, 0 ) />
<cfset THIS.SetClientCookies = false />
<cffunction name="onRequestStart">
<cfargument name="requesturi" required="true"/>
</cffunction>
My login code sets the user's info like this:
<cfif getLoginUser.recordcount eq 1>
<cfset session.user_id=getLoginUser.user_id>
<cfif getLoginUser.user_level_id eq 1>
<cfset session.user_type=1>
<cfelseif getLoginUser.user_level_id eq 2>
<cfset session.user_type=2>
<cfelseif getLoginUser.user_level_id eq 3>
<cfset session.user_type=3>
</cfif>
<cfset session.user_name='#name#'>
<cfif not isdefined('session.redirect_url')>
<cflocation url="my_account.cfm">
<cfelse>
<cflocation url="#session.redirect_url#">
</cfif>
</cfif>
A look at the output of cfApplicationSettings confirms these settings, but the 20 minute timeout continues without fail. I am on shared hosting with no access to the CF Administrator, but it's my understanding that these settings should override that. The only time I seem able to override is if I make the sessiontimeout LESS than 20 minutes...it's happy to expire the session in a minute if I tell it to.
I'm a bit out of the loop on anything since about ColdFusion 5. (I believe the host is running 9 now.), so if there's something totally inept in my cfc I wouldn't be at all surprised.
Thanks.
Upvotes: 0
Views: 77
Answers (1)
Reputation: 1149
Per the ColdFusion documentation: " you cannot set a time-out value [in Application.cfc or Application.cfm] that is greater than the maximum session time-out value set on the Administrator Memory Variables page."
Since you are on shared hosting, if your host won't increase the timeout (and they probably won't), you're going to have to rethink your application flow.
One possible workaround is to use periodic AJAX requests to keep the session alive. Tie the requests to a JavaScript timer based on keypress activity.
Upvotes: 2
Related Questions
- Looking for suggestions on how to handle Coldfusion session timeout with cfc
- Using multiple SessionTimeout in Coldfusion
- ColdFusion session timing out too early
- Coldfusion different Session timeout lengths
- Coldfusion Session Timeout Application.cfc
- ColdFusion User login fails after session timeout
- Coldfusion Session Timeout
- ColdFusion application timing out even with large values for cflogin idletimeout and session timeout
- ColdFusion sessions are not timing out? Why not?
- ColdFusion sessions not being timed out