Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...I've gotten solutions within a day - it saved a lot of time and actually got me one ATTABOY from my boss..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > Programmers > Web Development > Adobe: ColdFusion Forum

Logout Doesn't Really End Session

thread232-1665774
Read More Threads Like This One
metaphiz (Programmer)
4 Nov 11 9:51
Users get to the login form after clicking logout, but the session variables aren't really cleared/the session isn't really over.

Here's the way I set the session if they've entered a correct un/pw:

<!--- Remember user's logged-in status, plus --->
  <!--- ContactID and First Name, in structure --->
  <CFSET SESSION.Auth = StructNew()>
  <CFSET SESSION.Auth.IsLoggedIn = "Yes">
  <CFSET SESSION.Auth.UserName  = FORM.UserLogin>
  <CFSET SESSION.Auth.Password  = FORM.UserPassword>
 
  <!--- Now that user is logged in, send them --->
  <!--- to whatever page makes sense to start --->
  <CFLOCATION URL="index.cfm?bg=2">

A URL variable (LogoutNow) activates the StructClear to delete session variables, but users can still access the pages if they type in the URL.  Here's the code I'm using in application.cfm to delete the session:

<cfif ParameterExists(LogoutNow)>
    <cfif ParameterExists(SESSION.Auth.IsLoggedIn)>
        <cfset StructClear(SESSION.Auth.IsLoggedIn)>
        <cfset StructClear(SESSION.Auth.UserName)>
        <cfset StructClear(SESSION.Auth.Password)>
    </cfif>
<cfelse>
    <cfapplication name="SMFKPay5" SESSIONMANAGEMENT="Yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#">
</cfif>

What am I doing wrong?  Why doesn't the session really end?
FALCONSEYE (Programmer)
7 Nov 11 18:52
first, can you just do ?

CODE

<cfif isDefined('URL.LogoutNow')>
   <cfset StructClear(SESSION.Auth)>
<cfelse>
...
</cfif>

second, insert a cfdump on top of a page that they are not supposed to view:

CODE

 <cfdump var="#session#">

what do you see?  

ColdFusion Ninja for hire.

Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Adobe: ColdFusion

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close