member area login ending session on browser close

[bluesauceuk]

Hello,

I have written my site, I have a members area and they can login and view the members area.

I would like it to end the session and log them out on browser close.

At the moment my code says, you have x minutes untill you can login again.

Is there a way that kills the session when the browser window is closed.

I have tried the onleave javascript function. but that only kills the session when you are swapping pages!

Can anyone help?

Mark

 

[yuchieh]

in application.cfm

<CFIF IsDefined(&quot;COOKIE.CFID&quot AND IsDefined(&quot;COOKIE.CFTOKEN&quot>
<CFSET cfid_local = COOKIE.CFID>
<CFSET cftoken_local = COOKIE.CFTOKEN>

<CFCOOKIE NAME=&quot;CFID&quot; VALUE=&quot;#cfid_local#&quot;>
<CFCOOKIE NAME=&quot;CFTOKEN&quot; VALUE=&quot;#cftoken_local#&quot;>
</CFIF>

 

[bluesauceuk]

I think that I am not explaining the problem very well.

Say FRED logged in and then just closed all his browers.. and didn't use the logout button... had a coffee and came back... you would expect that he must log back in... okay

I have a problem is that FRED can't login again (as he didn't logout)...

this is my login process
_____________________________

<CFSET SESSION.LOGGEDIN = FALSE>
<!--- query server --->
<CFQUERY NAME=&quot;CheckUser&quot; datasource=&quot;project03&quot;>
	SELECT username, password
	FROM member
	WHERE username = '#form.username#'
</CFQUERY>
<!--- end query --->
	
	<CFIF CHECKUSER.RECORDCOUNT GREATER THAN 0>
	<CFIF CHECKUSER.PASSWORD IS FORM.PASSWORD>
		<CFIF #ISDEFINED(&quot;application.UsersLoggedin&quot;)# IS FALSE>
			<CFSET APPLICATION.USERSLOGGEDIN=STRUCTNEW()>
		</CFIF>
		
		<CFSET usernameATDOOR = CHECKUSER.username>
		<CFIF #STRUCTKEYEXISTS(APPLICATION.USERSLOGGEDIN, usernameATDOOR)# IS TRUE>
			<CFSET ENDTIME = #APPLICATION.USERSLOGGEDIN[usernameATDOOR].TIMECREATED# + #APPTIMESPAN#>
			<CFIF #DATECOMPARE(&quot;#Now()#&quot;, &quot;#EndTime#&quot;)# IS 1>
				<CFOUTPUT>
				<CFSCRIPT>
				StructDelete(application.UsersLoggedin, #CheckUser.username#, true);
				</CFSCRIPT>
				</CFOUTPUT>
				<CFSET SESSION.LOGGEDIN = TRUE>
				<CFSET SESSION.username = CHECKUSER.username>
				<CFSET APPLICATION.USERSLOGGEDIN[&quot;#session.username#&quot;] = SESSION>
				<CFSET APPLICATION.USERSLOGGEDIN[&quot;#Session.username#&quot;].TIMECREATED = NOW()> 
				
			<CFELSE>
				<CFOUTPUT>
				<CFIF #DATEDIFF(&quot;n&quot;, &quot;#Now()#&quot;, &quot;#EndTime#&quot;)# LT 1>
					<CFSET MINUTESLEFT = 'LESS THAN ONE'>
				<CFELSE>
					<CFSET MINUTESLEFT = #DATEDIFF(&quot;n&quot;, &quot;#Now()#&quot;, &quot;#EndTime#&quot;)#>
				</CFIF>
				<CFSET REASON = &quot;: \n\n1- User #CheckUser.username# is already logged-in.\n2- OR you have terminated your last session abnormaly (e.g. your computer crashed).\n\nThis account will be unlocked in: #MinutesLeft# minute(s) from now.\n\nTo obtain more licenses, please contact our sales team.&quot;>
				</CFOUTPUT>	
			</CFIF>
		<CFELSE>
			<CFSET SESSION.LOGGEDIN = TRUE>
			<CFSET SESSION.username = CHECKUSER.username>
			<CFSET APPLICATION.USERSLOGGEDIN[&quot;#session.username#&quot;] = SESSION>
			<CFSET APPLICATION.USERSLOGGEDIN[&quot;#Session.username#&quot;].TIMECREATED = NOW()> 

		</CFIF>
	<CFELSE>
		<CFSET REASON = 'Password Invalid. Try again'>
		
	</CFIF>
<CFELSE>
	<CFOUTPUT>
	<CFSET REASON = 'No Such User: #FORM.username#'>
	</CFOUTPUT>
</CFIF>
<CFIF SESSION.LOGGEDIN>
	<SCRIPT LANGUAGE=&quot;JavaScript&quot;>
	self.location ='members.cfm';
	</SCRIPT>
<CFELSE>
	<CFOUTPUT>
	<SCRIPT>
	alert(&quot;OOPS! \n\n#Reason#&quot;);
	self.location=&quot;login.cfm&quot;;
	</SCRIPT>	
	</CFOUTPUT>

</CFIF>

application.cfm
________________________________________________

<cfif isdefined(&quot;cookie.CFID&quot;) and isdefined(&quot;cookie.CFTOKEN&quot;) >
    <cfset tempCFID = cookie.CFID >
    <cfset tempCFTOKEN = cookie.cftoken >
    <cfcookie name=&quot;CFID&quot;  value=&quot;#tempCFID#&quot; >
    <cfcookie name=&quot;CFTOKEN&quot;  value=&quot;#tempCFTOKEN#&quot; >
</cfif> 

<CFAPPLICATION NAME=&quot;traxmembers&quot; SESSIONMANAGEMENT=&quot;Yes&quot; SESSIONTIMEOUT=&quot;#CreateTimeSpan(0,0,30,0)#&quot; APPLICATIONTIMEOUT=&quot;#CreateTimeSpan(0,0,30,0)#&quot;>

<CFPARAM NAME=&quot;session.loggedin&quot; DEFAULT=&quot;FALSE&quot;>

<CFSET APPTIMESPAN = #CREATETIMESPAN(0,0,30,0)#>

<CFIF #SESSION.LOGGEDIN# IS &quot;FALSE&quot;>

<CFIF (CGI.SCRIPT_NAME IS NOT &quot;/trax/members/index.cfm&quot;) AND (CGI.SCRIPT_NAME IS NOT &quot;/trax/members/login.cfm&quot;) AND (CGI.SCRIPT_NAME IS NOT &quot;/trax/members/login_action.cfm&quot;)> 	
		
		<SCRIPT LANGUAGE=&quot;JavaScript&quot;>
		alert(&quot;Oops! \n\n Invalid Login or Session Timed Out \n\n You will be prompted for your login/password again&quot;);
		self.location='login.cfm';
		</SCRIPT>
		
	</CFIF>	
<CFELSE>
 	<CFIF (CGI.SCRIPT_NAME IS NOT &quot;/trax/members/index.cfm&quot;) AND (CGI.SCRIPT_NAME IS NOT &quot;/trax/members/login.cfm&quot;) AND (CGI.SCRIPT_NAME IS NOT &quot;/trax/members/login_action.cfm&quot;)> 
 		<CFSET APPLICATION.USERSLOGGEDIN[&quot;#session.username#&quot;].TIMECREATED = NOW()> 
	</CFIF>
</CFIF>

___________________________________

The error is in this login_process.cfm with the ... you have xxx mins to try and re-login....

Is there a way around this?

Mark

 

[rhyswilliams]

if you want the session to die when you exit, try using J2EE session. make the setting in the administrator.

 

[ecobb]

If you're using CFMX, this is automatically done if you use cflogin.

Hope this Helps.