Session variables timing out 2

[barrylowe]

Folks,

I am having real problems with my session variables, they keep timing out after 20 minutes. I want it to be 3 hours.

I only use one session variable called 'session.who' which I use to store the ID of the user logged into the system. At the start of each page I have an Include file which checks to see the variable exists and if it doesn't it forces them to login again.
I have listed my Application.cfm file below and in it you will see that I have set up code to destroy the session variables when the browser is closed. In the Application file you will see that the sessiontimeout value is set to 3 hours, in ColdFusion Administrator I went into the variables section and set both maximum and default timeout values for session variable to 3 hours and they are still timing out after 20 minutes.
Can anyone help?

Application.cfm
===========================================================

<!---
**
* Name:Macromedia
*
* Copyright (c) 2002 Macromedia. All Rights Reserved.
* DO NOT REDISTRIBUTE THIS SOFTWARE IN ANY WAY WITHOUT THE EXPRESSED
* WRITTEN PERMISSION OF MACROMEDIA.
--->

<cftry>
<cfapplication name=&quot;MyApp&quot; sessionmanagement=&quot;Yes&quot; setclientcookies=&quot;No&quot; sessiontimeout=#CreateTimeSpan(0,3,0,0)#>
<!--- The next 2 lines when used with setclientcookies=&quot;No&quot; make sure that session variables are destroyed when the browser is closed --->
<cfcookie name=&quot;CFID&quot; value=&quot;#Session.CFID#&quot;>
<cfcookie name=&quot;CFTOKEN&quot; value=&quot;#Session.CFTOKEN#&quot;>

<cfsetting showdebugoutput=&quot;yes&quot;>
<cfset factory = createObject(&quot;java&quot;, &quot;coldfusion.server.ServiceFactory&quot>
<cfset request.security = factory.securityService>
<cfset checkSecurity=request.security.RDSSecurityEnabled>
<cfcatch type=&quot;any&quot;>
<cfset checkSecurity=&quot;false&quot;>
</cfcatch>
</cftry>

<cfif checkSecurity>
<cfif IsDefined('form.rdspassword')>
<cfset rdspassword=&quot;#form.rdspassword#&quot;>
<cfelseif IsDefined('URL.rdspassword')>
<cfset rdspassword=&quot;#URL.rdspassword#&quot;>
<cfelse>
<cfabort>
</cfif>

<cfif NOT request.security.checkRDSPassword(rdspassword)>
<cfif NOT request.security.checkAdminPassword(rdspassword)>
<cfabort>
</cfif>
</cfif>
</cfif>

 

[skobo]

Have you checked the variable settings in the Cold Fusion Administrator? By default the maximum timeout for session variables is 20 minutes. This will supercede any timeout settings you put in your CFAPPLICATION.

Chris

 

[csteinhilber]

Actually, I believe it's the reverse, Chris... timeout periods set in the Application.cfm will supercede the default setting in ColdFusion Administrator (unless the timeout set in Application.cfm exceeds the maximum allowed by Administrator).

Regardless... he already said he'd set both the default and max timeouts in Administrator to 3 hours (just to be sure they took... did you go back into Administrator and make sure they were still 3 hours? Might also try setting the max to greater than the default... like a max of 2 days, and a default of 3 hours)

Also, you might turn on debugging, and insert a few CFDUMPs to make sure the session variables are actually getting set in the first place.

Finally... are you using CFLOCKs?


Hope it helps,
-Carl

 

[barrylowe]

Carl,

I went back in and checked the settings and they are both still at 3 hours. I will try setting the max value higher than the default and see if that makes any difference.

The session variables are definitlety getting set as the system wouldn't function if they didn't.

No, I am not using CFLOCKs. I had seen this in the help system but was a bit unsusre as to what it does. Would this make a difference?

Barry.

 

[csteinhilber]

Barry,
Go ahead and do a

<CFDUMP VAR=&quot;#session#&quot;>

just to make sure. I know it sounds strange, but I have had instances where I thought &quot;the system wouldn't function&quot; if certain session variables weren't set, when in fact... it did. Can't help to just check. And CFDUMP makes it real easy now.

As for CFLOCKs: variables in the session, server and application scopes are stored (in memory or registry, depending on your setup) between requests. Since ColdFusion is multi-threaded (by default), it can handle several requests concurrently. CFLOCK helps to ensure that concurrent requests don't try to manipulate variables at the same time (causing a conflict). It's kind of like source control for variables... your opportunity to tell ColdFusion &quot;I'm manipulating this variable, don't let anybody else touch it until I'm done&quot;... you're &quot;checking out&quot; the variable.
If you're running ColdFusion as a single-threaded server, CFLOCKs aren't as important... but it's still a good idea to stick them into your code, just in case someday you switch over to multi-threaded.
Safety comes at a price, though... since CFLOCK postpones subsequent requests to update variables that you have locked, it's never a good idea to leave any scope locked for longer than is necessary. So, usually, you CFLOCK the desired scope, and do a deep copy of all the variables you're interested in, then close the lock, manipulate the variables however is necessary, then CFLOCK the scope again and copy all the variables back.
Whether the fact that you're not using CFLOCK would lead to the problems you're having, I'm not sure. It might. Though it's doubtful... especially if the application you're developing isn't live and you're the only one currently hitting it. Still not a bad idea to add locks while you're in there, though.

Hope it helps,
-Carl

 

[SidianConsulting]

If you didn't reboot after you set the session timout in the administrator, ColdFusion is still looking at the old values, even though the new ones look like they are there. What is probably happening is that until you reboot, ColdFusion's default timout is 20 minutes for session variables, and when you set it to 3 hours in the cfapplication tag, the timeout is more than the default of 20 minutes, hence the 20 minute timeout that is happening.

-Tek

 

[barrylowe]

Thanks for the help folks, the re-start of the server fixed it.

Carl - Thanks for the info on CFLOCK.

 

[csteinhilber]

Beautiful, Tek!

I never realized you had to reboot. I guess a message from the server to that effect when one adjusts those values would be nice. Hope it helps,
-Carl

 

[SidianConsulting]

Cheers to BarryLowe for actually figuring out that I meant RESTART the CF Server, not reboot the machine

If I had looked at my post, I'd have thought you had to reboot the entire server!

Some CF administrator pages actually tell you changes will not take effect until the cf service is restarted.
Unfortunately, the page in question does not!

-Tek

 

[csteinhilber]

LOL! Missed that.

I guess I'm always in a state of mind where reboot means bounce the server. If I ever had to turn the actual machine off, I'd be lost ;-)

Hope it helps,
-Carl

 

[andy98]

What if your are in a shared ColdFusion environment and you can't set the default sessiontimeout in CF Administrator. Should the sessiontimeout value elapse when the setting in your application.cfm state that it is supposed to? If so, mine does not.

Any Ideas?