Im having the same trouble with my apps where the session seems to be timing out way too early. In one case i have set the shopping cart session to 40 minutes with the following line in application.cfm - sessiontimeout="#CreateTimeSpan(0,0,40,0)#" - then i put something into the cart and wait ten minutes and the cart is empty (gone). Can anyone tell me where to begin looking for the cause of this?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
sessions timing out way too early!
- Thread starter leadman
- Start date
It is possible that the site administrator has set the session timeout to ten minutes..
If you can't get the administrator to change that value you may want to try a JavaScript to extend the session. There are many such tags in the macromedia developers exchange in addition to this one.
If you can't get the administrator to change that value you may want to try a JavaScript to extend the session. There are many such tags in the macromedia developers exchange in addition to this one.
I can't think of any solution which does not depend on Javascript - CF has no timeout-driven functions.
Unfortunately about 12% of web users run with Javascript off, and some companies require their users ti ruin with Javascript off to minimise security risks (e.g.. cross-site scripting).
In such cases all you can do is inform the users that not running Javscript increases the risk of a timeout, by:
* including a NOSCRIPT block in at least the first page of the session.
* detecting timeouts and displaying a similar warning if a session times out. To detect a session timeout you need a cookie which tells you whether you expect to find session variables. So you have to check whether cookies are enabled - see for details. If the user disables all cookies you should warn them that they're creating a security problem for themselves because then the session identifiers CFID and CFTOKEN have to be passed as URL parameters, which are easier to hack than cookies.
Unfortunately about 12% of web users run with Javascript off, and some companies require their users ti ruin with Javascript off to minimise security risks (e.g.. cross-site scripting).
In such cases all you can do is inform the users that not running Javscript increases the risk of a timeout, by:
* including a NOSCRIPT block in at least the first page of the session.
* detecting timeouts and displaying a similar warning if a session times out. To detect a session timeout you need a cookie which tells you whether you expect to find session variables. So you have to check whether cookies are enabled - see for details. If the user disables all cookies you should warn them that they're creating a security problem for themselves because then the session identifiers CFID and CFTOKEN have to be passed as URL parameters, which are easier to hack than cookies.
- Status
Similar threads
- Locked
- Question