cfapplication

[kjeff215]

on logout I have the option to use structclear(thanks Tek)
or I can manually set the local sessiontimeout variable to "0" to clean sweep session variables. My superior s suggested that if coldfusion has a tag (cfapplication)
that allows you to define variable storage mechanism through session and or client variables that maybe there is a similar tag that CF provides for logging out and destroying these variables.

Just following up on their suggestion

any suggestions

 

[SidianConsulting]

Well that's what you are doing when issuing the StructClear() function. Also, if you set the session timeout to 0, I would think that you'd be killing everyone's session, not just that of the current user, since the values in the cfapplication apply to the whole application itself. I never tried that, so I might be wrong.

There is no tag to "log out" a user; it's just a case of doing it manually or rolling your own function or custom tag or cfc or whatever to acheive this functionality.

-Tek

 

[kjeff215]

Okay, thanks for the input

one last question oh kind guru...

Is there anyway in to reject the usage of cfid and cftoken in the url. for example if someone were to try and create their own token by hardcoding it into the url I would want to send them an error better yet warning message.

 

[Silvano]

if you don't want to use the cfid and cftoken passed through the url at all, you can use the IsDefined("url.cfid&quot and IsDefined("url.cftoken&quot to find out if those exist Sylvano
dsylvano@hotmail.com