Client Variables 1

[ttrinh]

Hi
How do I kill session and client variables when a user logs out or close the application?
I have a client variables and session variables enabled in the application.cfm. The logout code is as follows:
<CFSET DeletedPassword=DeleteClientVariable(&quot;password&quot>
<CFSET Deleteduserid=DeleteClientVariable(&quot;userid&quot>
<CFSET Deletedusername=DeleteClientVariable(&quot;username&quot>
<CFSET DeletedloggedOut=DeleteClientVariable(&quot;loggedOut&quot>
<cfset client.userid = &quot;&quot;>
<cfset client.userkey = &quot;0&quot;>
<cfset client.password = &quot;&quot;>
<cfset client.permission = &quot;application.accessreadonly&quot;>
The above code which appears to be killing the client variables however after it is wiped the page just hangs there(blank screen). Does anyone know how to close the browser as well when u click logout ? Or alternatively direct the user to another url but kill the client variables at the same time.
If I put in a <cflocationtag> to go to a new URL then open the application again the client variables are still there. I don't understand this. Can anyone explain it ?

 

[tlhawkins]

Yeah,

Client variables are sticky.

Try this:

<Cfset Success = #DeleteClientVariable(&quot;Var_Name&quot#>

<CFIF Success = True>
You have logged out.
</CFIF>

There isn't much chance that this will ever be false, it will be true if it was successfull.

Have fun...

 

[ttrinh]

Hi tlhawkins,
I followed your suggestion and no it didn't appear to do much the blank page still hung there
any other ideas?
Do you know if its possible that I use cflocation in logout code to direct users elswhere like say our homepage and have the client vars killed off at the same time so that when they next open the application up it will have to log in again ? I have tried that method to make it appear to close down gracefully (instead of that blank screen) but this does not kill the variables off like the blank screen

 

[engineer2100]

Hi,

I am not a CF guru here, but try reversing the assignment sets i.e instead of


<CFSET DeletedPassword=DeleteClientVariable(&quot;password&quot>
<CFSET Deleteduserid=DeleteClientVariable(&quot;userid&quot>
<CFSET Deletedusername=DeleteClientVariable(&quot;username&quot>
<CFSET DeletedloggedOut=DeleteClientVariable(&quot;loggedOut&quot>
<cfset client.userid = &quot;&quot;>
<cfset client.userkey = &quot;0&quot;>
<cfset client.password = &quot;&quot;>
<cfset client.permission = &quot;application.accessreadonly&quot;>


try doing this


<cfset client.userid = &quot;&quot;>
<cfset client.userkey = &quot;0&quot;>
<cfset client.password = &quot;&quot;>
<cfset client.permission = &quot;application.accessreadonly&quot;>
<CFSET DeletedPassword=DeleteClientVariable(&quot;password&quot>
<CFSET Deleteduserid=DeleteClientVariable(&quot;userid&quot>
<CFSET Deletedusername=DeleteClientVariable(&quot;username&quot>
<CFSET DeletedloggedOut=DeleteClientVariable(&quot;loggedOut&quot>


Hope this solves

 

[ttrinh]

Hi engineer2100,
Thanks for the suggestion.I tried and it didn't work .It didn't appear to affect the application at all.
Any other ideas ?

 

[CFDude]

You mentioned you have a cflocation tag -- check the file that it is pointing to. If it is in the same directory as the application.cfm, then it may be resetting the client variables when you do the cflocation. Or if the client variables get killed and your application.cfm does a redirect to a page because they are not set, then it may be caught in a loop. You may have to do some conditional logic to exclude those pages you are cflocating to so that it doesn't recheck for the client vars.

Could you post your application.cfm code?

 

[ttrinh]

Hi CFDude
Sorry about the length of it. When my cflocation tag points to either the index.cfm or a another url(our intranet homepage in which the the application.cfm resides) the client vars don't get killed at all. But when I don't have a cflocation tag the client vars get killed. Could you explain the indefinte loop further? I'm noty quite sure I follow but i think it sounds fitting for this situation.
The Application.cfm is as follows :

<cfsetting enablecfoutputonly=&quot;Yes&quot;>
<cfapplication name=&quot;bins&quot;
clientmanagement=&quot;yes&quot;
sessionmanagement=&quot;yes&quot;
sessiontimeout=#CreateTimeSpan(0, 0, 30, 0)#
applicationtimeout=#CreateTimeSpan(0, 1, 30, 0)#>

<!---kill all vars on close of browser--->
<cfif IsDefined(&quot;Cookie.CFID&quot AND IsDefined(&quot;Cookie.CFTOKEN&quot>
<cfset Variables.cfid_local = Cookie.CFID>
<cfset Variables.cftoken_local = Cookie.CFTOKEN>
<cfcookie name=&quot;CFID&quot; value=&quot;#Variables.cfid_local#&quot;>
<cfcookie name=&quot;CFTOKEN&quot; value=&quot;#Variables.cftoken_local#&quot;>
</cfif>

<!--- if not otherwise stated we can assume that this application hasn't been started --->
<cfparam name=&quot;application.Started&quot; default=&quot;false&quot;>

<!--- If the application hasn't been started then set all of the application variables --->
<cfif application.Started eq &quot;false&quot;>
<cfparam name=&quot;application.emailserver&quot; default=&quot;&quot;>

<!--- database bits and pieces --->
<cfset application.DS = &quot;BINS&quot;>
<cfset application.DB = &quot;ODBC&quot;>

<!--- standard colors --->
<cfset application.topcol = &quot;##aaaaaa&quot;>
<cfset application.tablecol = &quot;##a2c5df&quot;>
<cfset application.bodybgcol = &quot;##a2c5df&quot;>
<cfset application.page1col = &quot;##a2c5df&quot;>
<cfset application.page2col = &quot;##a2c5df&quot;>
<cfset application.page3col = &quot;##a2c5df&quot;>
<cfset application.page4col = &quot;##a2c5df&quot;>
<cfset application.quikbinbgcol = &quot;##87d1a5&quot;>
<cfset application.menucol = &quot;##eeeeee&quot;>
<cfset application.reviewcol = &quot;##cccccc&quot;>

<!--- base url and pathname --->
<cfset application.baseurl = &quot;

http://inside.bal.bna.boeing.com/new/&quot;>

<cfset application.basepath = &quot;support/quality/bins/&quot;>

<!--- deadline timespans (in days) --->
<cfset application.dlrespmgr = 7> <!--- respmgr deadline (days from datecreated) --->
<cfset application.dlaction = 14> <!--- action deadline (days from datecreated) --->

<!--- security variables --->
<cfparam name=&quot;application.maxpassattempts&quot; default=&quot;16&quot;>
<cfparam name=&quot;application.accessreadonly&quot; default=&quot;16&quot;>
<cfparam name=&quot;application.accesscreateaction&quot; default=&quot;32&quot;>
<cfparam name=&quot;application.accesscreateactionclose&quot; default=&quot;48&quot;>
<cfparam name=&quot;application.accessadmin&quot; default=&quot;56&quot;>

<!--- change application.started to &quot;false&quot; to reset application settings --->
<cfset application.Started = &quot;true&quot;>
<cfset application.startedOn = &quot;#now()#&quot;>
</cfif>

<!---
If there is a client.userID variable defined, then we have obviously
already set all of these session bits and pieces up, thus I see no real
reason to go ahead and do it again!!!
--->
<cfparam name=&quot;client.Started&quot; default=&quot;false&quot;>
<cfif client.Started eq &quot;false&quot;>
<!--- set defaults based on browser type --->
<!--- (a quick fix to a #$%@&! Netscape problem) --->
<CF_BrowserCheck agent=&quot;#cgi.http_user_agent#&quot;>
<cfif bc_browser eq &quot;Netscape&quot;>
<cfset client.cols35 = 18>
<cfset client.cols40 = 21>
<cfset client.cols45 = 23>
<cfset client.cols50 = 27>
<cfset client.cols60 = 30>
<cfset client.cols65 = 32>
<cfset client.cols70 = 35>
<cfelse>
<cfset client.cols35 = 35>
<cfset client.cols40 = 40>
<cfset client.cols45 = 45>
<cfset client.cols50 = 50>
<cfset client.cols60 = 60>
<cfset client.cols65 = 65>
<cfset client.cols70 = 70>
</cfif>

<!--- session variables --->
<cfparam name=&quot;client.userid&quot; default=&quot;&quot;>
<cfparam name=&quot;client.userkey&quot; default=&quot;0&quot;>
<cfparam name=&quot;client.password&quot; default=&quot;&quot;>
<cfparam name=&quot;client.permission&quot; default=&quot;#application.accessreadonly#&quot;>
<cfparam name=&quot;client.email&quot; default=&quot;&quot;>
<cfparam name=&quot;client.passattempts&quot; default=&quot;0&quot;>
<cfparam name=&quot;client.loggedOut&quot; default=&quot;false&quot;>

<cfset client.Started = &quot;true&quot;>
</cfif>

<cf_formurl2attributes>
<cfparam name=&quot;attributes.prevaction&quot; default=&quot;description&quot;>
<cfif isDefined(&quot;attributes.bin&quot and isDefined(&quot;attributes.action&quot>
<!---
Now, for each BIN, have a look at the permissions allowed for the user.
Have to pull out the info for the BIN.. it appears that I do this in every
page anyway, so I might move that query back to here!.

First set all permissions to false, and then update those ones that are allowed.

1. If they are a quality rep or higher, then they have permsission to scribble
on everything and anything;
2. If they are a quality Rep, Responsible Manager or Actionee, then let them
write to their relevant section, or to the comments...
3. Otherwise, don't give them any permissions...
--->
<!--- 1. Get the BIN info! --->
<cf_binTX txName = &quot;BIN&quot;
txMode = &quot;getBIN&quot;
txID = &quot;#attributes.bin#&quot;>
<!--- If the userKey is 0 then they are not logged in and no write access --->
<cfif (client.userKey eq 0)>
<cfset thisBIN.canEdit = &quot;false&quot;>
<!--- If they have Quality Rep access, it doesn't matter where they are, then can write --->
<cfelseif (client.permission ge application.accesscreateactionclose)>
<cfset thisBin.canEdit = &quot;true&quot;>
<!--- If this is the acceptance or comments tab, or the save routine for acceptance, and
the user is the responsible manager, then they get write access --->
<cfelseif (client.userKey eq bin.respMgr) and
((attributes.action eq &quot;acceptance&quot or
(attributes.action eq &quot;comments&quot or
((attributes.prevaction eq &quot;acceptance&quot and (attributes.action eq &quot;save&quot))>
<cfset thisBin.canEdit = &quot;true&quot;>
<!--- If this is the actionsreqd or comments tab, or the save routine for the actions,
and the user is the actionee, then they get write access --->
<cfelseif (client.userKey eq bin.Actionee) and
((attributes.action eq &quot;actionsreqd&quot or
(attributes.action eq &quot;comments&quot or
((attributes.prevaction eq &quot;actionsreqd&quot and (attributes.action eq &quot;save&quot))>
<cfset thisBIN.canEdit = &quot;true&quot;>
<!--- If they don't fall into any of those categories, then take away write access --->
<cfelse>
<cfset thisBIN.canEdit = &quot;false&quot;>
</cfif>
</cfif>

 

[CFDude]

Looking through, I don't see any cflocation tag that could be causing the problem. You do have a couple of custom tags
but I would doubt there would be anything there that would cause the problem.

What I was referring to about the infinite loop is lets say in your application.cfm you have something like

<cfif client.loggedin is &quot;false&quot;>
<cflocation url = &quot;login.cfm&quot;>
</cfif>

What could happen is if the client.logged in is false, the application.cfm will redirect to login.cfm -- if login.cfm is in the same directory structure of application.cfm, then the application.cfm will be read again and try to keep cflocating to the login.cfm -- it will get stuck because you didn't specify in the application.cfm to not run the cflocation if the page happened to be login.cfm. Did you follow that?

HTH,
Tim P.

 

[ttrinh]

Yes I see what you mean
Sorry the cf location tag is in the logout code which is in the login.cfm as follows:
<cfcase value=&quot;logout&quot;>
<!---<cfset SESSION.ACTIVE = false>
<cfset CLEAR = #StructClear(session)#>--->
<CFSET DeletedPassword=DeleteClientVariable(&quot;Client.password&quot>
<CFSET Deleteduserid=DeleteClientVariable(&quot;Client.userid&quot>
<CFSET Deletedusername=DeleteClientVariable(&quot;Client.username&quot>
<CFSET DeletedloggedOut=DeleteClientVariable(&quot;Client.loggedOut&quot>
<cfset client.userid = &quot;&quot;>
<cfset client.userkey = &quot;0&quot;>
<cfset client.password = &quot;&quot;>
<cfset client.permission = &quot;application.accessreadonly&quot;>
<cfset deleteusername = StructDelete(SESSION, &quot;username&quot>
<cfset deleteuserID = StructDelete(SESSION, &quot;userid&quot>
<cfset deleteLogin = StructDelete(SESSION, &quot;loggedOut&quot>
<cfset deleteyesterday = StructDelete(SESSION, &quot;password&quot>



<Cfset Success = #DeleteClientVariable(&quot;Client.userid&quot#>

<CFIF Success eq &quot;True&quot;>
<cfoutput>You have logged out.
</cfoutput>
</CFIF>
<!---<cflocation url=&quot;

http://inside.bal.bna.boeing.com/&quot;

addtoken=&quot;no&quot;>--->

<cflocation url=&quot;#application.baseurl##application.basepath#index.cfm&quot; addtoken=&quot;no&quot;>
</cfcase>

</cfswitch>

 

[tlhawkins]

Hey sorry for delaying, I was out of town.

If I were you I would put the Log-Out message page on the same page with the DeleteClientVariable statements that way there wont be an issue with the CFLOCATION tag. Cookies will not work correctly on a page with a CFLOCATION tag because the CFLOCATION is called before the page actually finishes loading and the Cookies are not accessed until after the page is completely loaded. So your CFID's are still stored in a cookie, when you re-load they are re-called.

Hope it Helps.

 

[ttrinh]

That's ok
So you're telling me that I can't direct it to another url using the cflocation tag and desstroy the Client vars at the same time? Is there another option other than having a logout msg page? As I'm not sure if my users/clients would take to that idea. Can I close the browser instead? If so do you know how to do it ?

 

[tlhawkins]

Looking back at my message I feel like I stopped in the middle of a sentence. If that is actually the problem (it probably is) then use this instead of <cflocation...>

<SCRIPT LANGUAGE=&quot;JavaScript1.2&quot;>
location.replace(&quot;mylogoutpage.cfm&quot
</SCRIPT>

The Javascript solution waits until the page is fully loaded and thus all cookies have been written before it re-directs.

Hope it helps.

 

[ttrinh]

I tried your javascript code
<SCRIPT LANGUAGE=&quot;JavaScript1.2&quot;>
location.replace(&quot;mylogoutpage.cfm&quot
</SCRIPT>
instead of the cflocation tag but it does not redirect to anywhere. I tried putting the URL for our intranet site and to index.cfm, both did not redirect. I just got a blank screen but the client vars got killed : ) Am I missing something else ?

 

[tlhawkins]

Hmmm... We both must be missing something.

Try this Javascript..

<SCRIPT LANGUAGE=&quot;JavaScript1.2&quot;>
window.location.href = &quot;

http://www.mysite.com/mylogoutpage.cfm&quot;;

</SCRIPT>

I think this method is more compatible.

Make sure you put this Javascript at the very end of the page. Also make sure that the page that is being called is not expecting to find the Client Variables that you just deleted. ALSO... you only need one Semi-Colon at the end of the window.location line, Tek-Tips is adding the other one in .

 

[ttrinh]

Sorry
I tried that too, it didn't do anything different to the location.replace().
Any other ideas ?

 

[tlhawkins]

Well,

I would try a few things at this point, perhaps you have tried them.

Can you output any content after deleting the Client variables? Try just outputing a &quot;Hello&quot; after the client variables are erased. Try putting the output after the page should have forwarded then you will find out if it is hanging on a blank screen from the sending page or the page you are going to. You could try forwarding to a page that has very little content and doesn't refer to any Client Variables (make a dummy page with a simple message and that is all)

Have you tried &quot;including&quot; the page with the logout message after deleting client variables?

<cfinclude template = &quot;logoutpage.cfm&quot;>

Like I said, you may have tried all of that. Let me know what happens (or happened) . It is possible that the problem is not with either the Client variables or the forward directive.

 

[ttrinh]

I have tried the following after I have deleted the client vars
<Cfset Success = #DeleteClientVariable(&quot;Client.userid&quot#>

<CFIF Success eq &quot;True&quot;>
<cfoutput>You have logged out.
</cfoutput>
</CFIF>
This outputs &quot;You have logged out.&quot;
This gives the same output as the cfinclude you suggested.
This leads me to thinking that the only way out of this is to have a logout page ie a confirmation logout pageonce the client vars are killed off asthis seems to be the only way to kill off client vars.
Any other redirecting that I have tried have not been able to kill off the client vars.
Am I right in thinking this? What do you think?

 

[tlhawkins]

If you would rather do it another way you could try putting the code to Delete the Client variables on the page that you wanted to use for a logout. Then call it with an URL variables like this.

<A href = &quot;logoutpage.cfm?D=1&quot;>Logout</A>

Then in your logout page ( am i right in understanding that you want to use your login page as your logout page? )

<cfif #isdefined(&quot;url.D&quot# is &quot;yes&quot; and Url.D is &quot;1&quot;>
<Cfset Success = #DeleteClientVariable(&quot;Client.userid&quot#>
</cfif>

If that code was at the top of the page it should go ahead and render the rest of the page as it would have.

Hope that finally fixes it! This was a tought one.

 

[ttrinh]

I have decided to go with a logout confirmation page : )
Thanks for all your help . Hope it wasn't as headinging for you as it was for me. At last I can kill the client vars and recognise that I can't redirect to other URLs

 

[tlhawkins]

No Problem,

I'm sure there is a way to do it. I have pages that do it. I don't know exactly what is hanging it up. If you can make it work go with it.

Have fun...