Problem with clearing Client Variables

[ma701sd]

Hi,

This is a long one!! and I appreciate that you're even taking the time to read through it!

Can anyone help,
I'm trying to create a logout procedure that would work when either a user chooses to logout or the browser is closed (without logging out).

1) I have setclient cookies to "NO" and clientstorage="database"
When a user logs in, a query against a database is performed, and if successful, user is logged in, else an error is displayed.


I have also created a link <A href=&quot;Logout.cfm?cfid=#cfid#&amp;cftoken=#cftoken#&quot;>Logout </A> to logout a user.

The logout.cfm looks like:

<!--- Visual Check to see that the user information has been passed to this page, so display the UserName, CFID and CFTOKEN --->
<CFOUTPUT>
Username:
#Client.UserName#<BR>
CFID:
#client.cfid#<BR>
CFTOKEN:
#client.cfToken#<BR>
<BR>
<BR>
</cfoutput>

<!--- Reset client variables and do a Visual check to see if Client.Username, Client.Password, Client.CFID and Client.CFTOKEN have been reset. Visual check is actioned by the CFOUTPUT tag to display the variables (or not)

Have the Client Variables been Cleared? <BR>
<CFIF IsDefined ('Client.UserName')>
<CFSET client.username = &quot;&quot;>
<CFSET client.password = &quot;&quot;>
<CFSET client.cfid = &quot;&quot;>
<CFSET client.cftoken = &quot;&quot;>
Check to see that UseName, CFID and CFTOKEN variables deleted<BR>
<CFOUTPUT>
Username:
#Client.UserName#<BR>
CFID:
#client.cfid#<BR>
CFTOKEN:
#client.cfToken#<BR>
<A href=&quot;Index.cfm?cfid=#cfid#&amp;cftoken=#cftoken#&quot;> Index </A>
</cfoutput>
<CFELSE>
<CFOUTPUT>The #client.username# Variable has not been deleted</cfoutput>

</CFIF>


This seems to work, i.e. the visual display after the variables have been set to &quot;&quot; and is displayed blank,
However, I have included a link back to the index and as a test I am passing the CFID and CFTOKEN as URL parameters. The strange thing is that they are passed and displayed ??
How can this be if my visual check was blank?

2) I also have another problem ( and I reckon they are related):

I have set clientcookies to NO and storing user info (lastvisit etc etc) in a database.
My understanding is that if the user has logged in before, then the previous CFID assigned is recalled from the DB and given back to that user else if the user is logging in for the first time then a new CFID is assigned to that user. (CFID's are assigned to one user Only)
However,
When I log in as user A , close the browser or Try to logout, then log in as User B, the same CFID assigned to user A is also assigned to user B?

any ideas??

thanx

sam

 

[GunJack]

Hey Sam,

First of all, cfid &amp; cftoken variables are read only so although it may not throw an error, I don't think you can actually set them to &quot;&quot;. If you have set client cookies to &quot;no&quot;, just link to another page without passing the cfid &amp; cftoken and this should clear their login. I don't code things this way so I may be overlooking some little detail but I believe that will accomplish what you want.

I think part of your second problem is that you may have a cfid &amp; cftoken cookie already stored in your browser which may be confusing this issue. I would disable cookies while testing to make sure this doesn't cause any conflicts in your testing.

Also, your assumption that previous cfid &amp; cftokens will be recalled from the database is incorrect as far as I know. The reason CF stores these as cookies by default is so that it can re-establish ties with previous visitors. If you don't let CF store these as cookies, there is no way for CF to know that a new request is from a previous visitor. Cookies were created to allow webservers to identify the same visitor between different page visits and sessions. These provide the only reliable way for a webserver and thus CF to be able to identify a previous visitor's. If you code without them, I don't know of any way to have a visitor re-use their cfid &amp; cftoken.

GJ