Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Logout Doesn't Really End Session

Status
Not open for further replies.

metaphiz

Programmer
Jun 30, 2004
91
US
Users get to the login form after clicking logout, but the session variables aren't really cleared/the session isn't really over.

Here's the way I set the session if they've entered a correct un/pw:

<!--- Remember user's logged-in status, plus --->
<!--- ContactID and First Name, in structure --->
<CFSET SESSION.Auth = StructNew()>
<CFSET SESSION.Auth.IsLoggedIn = "Yes">
<CFSET SESSION.Auth.UserName = FORM.UserLogin>
<CFSET SESSION.Auth.Password = FORM.UserPassword>

<!--- Now that user is logged in, send them --->
<!--- to whatever page makes sense to start --->
<CFLOCATION URL="index.cfm?bg=2">

A URL variable (LogoutNow) activates the StructClear to delete session variables, but users can still access the pages if they type in the URL. Here's the code I'm using in application.cfm to delete the session:

<cfif ParameterExists(LogoutNow)>
<cfif ParameterExists(SESSION.Auth.IsLoggedIn)>
<cfset StructClear(SESSION.Auth.IsLoggedIn)>
<cfset StructClear(SESSION.Auth.UserName)>
<cfset StructClear(SESSION.Auth.Password)>
</cfif>
<cfelse>
<cfapplication name="SMFKPay5" SESSIONMANAGEMENT="Yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#">
</cfif>

What am I doing wrong? Why doesn't the session really end?
 
first, can you just do ?

Code:
<cfif isDefined('URL.LogoutNow')>
   <cfset StructClear(SESSION.Auth)>
<cfelse>
...
</cfif>

second, insert a cfdump on top of a page that they are not supposed to view:

Code:
 <cfdump var="#session#">

what do you see?

ColdFusion Ninja for hire.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top