Hello,
My logout button doesn't seem to work at all. Hitting the back browser button not only reloads all the pages I have recently viewed when logged in, it re-logs me in again.
I have a logon page that passes user names and passwords (logon.cfm) to getuserinfo.cfm.
GetUserInfo validates the users against the database, and sets Session.LoggedIN to yes or no, as required. That works fine. The user either gets logged in, or doesn't.
The logout button clears Session.LoggedIN, but if I just hit the back browser button, I'm logged in all over again. I have all these "don't cache" instructions in the CFHEADERs, but they don't seem to matter.
My logout.cfm has this:
StructDelete(Session,'LoggedIN');
But as I said, if I hit the back browser button, in any browser, it just reloads the page and I'm on again.
I tried using this in Logout.CFM:
StructClear(Session);
But, after that, I cannot access ANY ColdFusion pages on the site - even public ones; it complains that SESSION.CFID doesn't exist. I want the user to still be able to browse the PUBLIC site pages after logging off.
Any suggestions? Here is my Application.CFM:
<CFapplication name="EBasketball" sessionmanagement="yes" setclientcookies="no" sessiontimeout=#CreateTimeSpan(0,0,30,0)#>
<!--- The next 2 lines when used with setclientcookies="No" make sure that session variables are destroyed when the browser is closed --->
<cfcookie name="CFID" value="#Session.CFID#">
<cfcookie name="CFTOKEN" value="#Session.CFTOKEN#">
Please help...
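An added example, not part of the original post: a logout.cfm that removes application data from the Session scope but keeps the identifiers ColdFusion maintains there (CFID, CFTOKEN, SessionID, URLToken), so the Application.CFM above can still read Session.CFID on public pages. The redirect target index.cfm and the variable names keepKeys, sessionKeys and key are assumptions.

```cfml
<!--- logout.cfm (added example, not the poster's code) --->

<!--- Keys ColdFusion itself stores in the Session scope. StructClear(Session)
      deletes these too, which is why Session.CFID stops existing afterwards. --->
<cfset keepKeys = "CFID,CFTOKEN,SESSIONID,URLTOKEN">

<cflock scope="Session" type="exclusive" timeout="10">
    <!--- Snapshot the key names first, then delete everything not in keepKeys --->
    <cfset sessionKeys = StructKeyList(Session)>
    <cfloop list="#sessionKeys#" index="key">
        <cfif NOT ListFindNoCase(keepKeys, key)>
            <cfset StructDelete(Session, key)>
        </cfif>
    </cfloop>

    <!--- Leave an explicit logged-out flag so pages that test Session.LoggedIN
          never depend on the key being absent --->
    <cfset Session.LoggedIN = "no">
</cflock>

<!--- Send the browser to a public page. index.cfm is a placeholder name.
      addtoken="no" keeps CFID/CFTOKEN out of the URL. --->
<cflocation url="index.cfm" addtoken="no">
```

This only changes what logout.cfm removes from the session; each protected page still has to test Session.LoggedIN on the server for every request.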