Logout Problem Session

[Kleptican]

Hello all,

This is my problem. When a user logs in, copies the URL after logging in (to any of the pages), then logs out and pastes the URL, they can go back to that page. However, if they close the browser, then paste that URL, it sends them straight to the userlogin form.

How can I get the user to not be able to view the pages after they logout and keep the browser open?

This is my application.cfm page:

<cfapplication sessionmanagement="Yes">
<cfif CGI.SCRIPT_NAME IS "/MCSD/index.cfm"><cflocation url="/MCSD/Login/UserLoginForm.cfm" addtoken="no"></cfif>

<cfif not isdefined("session.auth.isloggedin")>
	<cfif isdefined("form.username")>
		<cfinclude template="Login/loginchecker.cfm">
	</cfif>
	<cfinclude template="Login/UserLoginForm.cfm">
	<cfabort>
<cfelse>
</cfif>

This is my logout.cfm page:

<CFSET Session.Auth.isLoggedIn = "No">
<cfset session.auth.UserName = "">
<cfset session.auth.Password = "">
<CFSCRIPT>StructClear(Session.Auth);</CFSCRIPT>
     <cfset StructDelete(session.auth, "isloggedin")>
     <cfset StructDelete(session.auth, "UserName")>
     <cfset StructDelete(session.auth, "Password")>
<cflocation url="../Login/UserLoginForm.cfm" addtoken="no">

Note: I know that the code in the logout.cfm page seems repetitive but I wanted to show you what I've already tried.

Here is my loginchecker.cfm page:

<cfquery name="loginCheck" datasource="MCSD">
	SELECT ghrlast, ghrssn
	FROM Employees_New
	WHERE ghrlast = '#FORM.userName#'
	AND ghrssn = '#FORM.Password#'
</cfquery>

<cfif #loginCheck.RecordCount# IS 0>
	<cflocation url = "UserLoginForm.cfm">
	<cfabort>
<cfelse>
	<CFSET Session.Auth = StructNew()>
	<CFSET Session.Auth.isLoggedIn = "Yes">
	<CFSET Session.Auth.username = loginCheck.ghrlast>
	<CFSET Session.Auth.password = loginCheck.ghrssn>
	<cfset Session.Auth.ID = #FORM.Password#>
	<CFIF #CGI.SCRIPT_NAME# IS "/MCSD/Login/UserLoginForm.cfm">
		<cflocation url="../employee/index.cfm" addtoken="no">
	<CFELSE>
 	 	<cflocation url = "#CGI.SCRIPT_NAME#" addtoken="no">
	</cfif>
</cfif>

Thanks for any input!

 

[scon44]

<cfapplication name="#Request.AppName#" sessionmanagement="yes" sessiontimeout="#CreateTimeSpan(0,0,0,0)#"> have a link that says logout and when they click on it this code gets executed...

 

[scon44]

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<CFHEADER name="Expires" value="06 Nov 1994 08:49:37 GMT">
<CFHEADER name="Pragma" value="no-cache">
<CFHEADER name="cache-control" value="no-cache, no-store,must-revalidate">
<meta http-equiv="Expires" CONTENT="Mon, 06 Jan 1990 00:00:01 GMT">
<meta http-equiv="Pragma" CONTENT="no-cache">
<meta http-equiv="cache-control" VALUE="no-cache, no-store,must-revalidate">

Between the <head></head> tag
Will help with the cach issue

 

[Kleptican]

Thanks for replying.

For your first suggestion, is that supposed to be similar to the structdelete() or structclear()? Will it work if they close the browser as well? I ask because first post used structclear() and structdelete() and it didn't seem to work. So I'll try yours now.
For your second suggestion, am I supposed to put it on the beginning of every singe .cfm page i have?

 

[Kleptican]

I was told to try:

<CFSCRIPT>StructDelete(Session);</CFSCRIPT>

But I'm getting the error:

Parameter validation error for function STRUCTDELETE.  
The function takes 2 to 3 parameters.

Could someone elaborate on how to correctly use the statement? Thanks a lot.

 

[GUJUm0deL]

When you use the STRUCTDELET you need to specify which struct you want to delete. For your case, it would be something like:

<CFSCRIPT>StructDelete(Session,#Session.Auth.username#);</CFSCRIPT>

http://livedocs.macromedia.com/coldfusion/6/CFML_Reference/functions-pt291.htm

____________________________________
Just Imagine.

http://www.imajinarts.com

 

[Kleptican]

thanks for the explanation.
scon44: your code worked great. I have a question though, I'm not understanding the dates. It seems like the times and dates are completely random for the "Expires". But thanks for your help