Ending a session when browser is closed 2

[SteelDragon]

Ok, let me start this by saying many thanks to those that helped me on my last issue, I think I've got that one worked out completly. Now on to my next.... (Do they ever end??) I want the users session to end when the user closes their browser window. Currently I have session timeout set to 5 minutes. I need to know what is the best/easiest way to accomplish this?
Thanks Again,
SteelDragon

 

[tleish]

One solution is to use some JScript that will redirect the user to the logout page when he/she tries to leave the site or close the browser window.

Take a look at this page of a tutorial on CFTutorial.com for an example of this:

http://www.cfvault.com/index.cfm/mo...22-EC4C-11D3-85030050DABEAE1B/Tutorial_Page/6

 

[SteelDragon]

tleish, I went there and looked at all of that, I even tried it to no avail... I cannot seem to get it to work in my application... If you or anyone else out there can help me get that to work properly I would appreciate it.

Thanks Again,
SteelDragon

 

[GunJack]

I've got an idea that might do what you want a little more reliably than the JS approach. The problem with using JS for this is the obvious fact that not everyone may have it enabled. I also didn't find an event that gets generated when the browser closes out. There may be one supported in the newer browsers but my reference didn't show one for the older implmentations of JS.

If what you want is to have the person lose their session when the browser exits, you could try keeping their session alive without cookies. By passing the cfid & cftoken values from page to page via url variables, you will keep their session alive without the use of cookies. When they close out, they will go back to the page and be assigned a new cfid & cftoken which in effect gives them a new session.

The only way they could defeat this would be bookmarking a page with the embedded cfid & cftoken. If you have your session timeout set low, this would only work for a few minutes. You could further re-strict this by checking the referring url (cgi.http_referer) and ensuring it begins with your site name. If it doesn't, you know they came from a bookmark and you can re-direct them back to the same page without the cfid & cftoken which will give them a new session.

Hope this makes sense,
GJ

 

[ziwacky]

Well, I didn't get it. And that's exactly what I'm looking forward to do.

Would you mind to explain it again. This is the first time I've tried using the CFID and the CFTOKEN. So, it can walk me through a little I will appreciate it.

Thx,

Ziwacky

 

[GunJack]

Hey Ziwacky,

First, make sure you've read the documentation on the application framework as it will give you important background info on sessions. I can only add to what you learn there.

Basically, CF uses the variables cfid & cftoken to keep track of session and client information. When you create an application framework with the <cfapplication> tag, CF will generate a cfid/cftoken pair and try to store these as cookies on the visitor's browser (unless you specify not to). This way, every page request causes two cookies containing the cfid/cftoken information to be passed to your scripts and thus CF. If the visitor doesn't have cookies enabled, they will not be sent and CF will issue new ones. In most cases this is un-desireable as it will cause all session information to be lost between page clicks. To get around this, you can pass the cfid & cftoken via url variables in case the visitor doesn't have cookies enabled.

<a href=&quot;index.cfm?cfid=#cfid#&cftoken=#cftoken#&quot;>Next Page</a>

This allows you to keep a visitors session alive even if they don't have cookies enabled. In Steel's example above, you would cause a visitor to lose their session if they closed their browser since they wouldn't have their cfid/token stored in a cookie. The frist time they came back to the site, these would be missing and CF would assign new ones and thus a new session.

Hope this helps,
GJ