Expiring a session

If I clear the session structure, does that clear only the session that is calling the structclear() or does it clear all sessions? I'm trying to "logout" a session. Thanks Matthew Small IT Supervisor Showstopper National Dance Competitions 3660 Old Kings Hwy Murrells Inlet, SC 29576 843-357-1847 http://www.showstopperonline.com

oi Matthew!! won't  that  get  rid  of  sessionID  and stuff like that? if you don't need it, that's fine, I just always do structDelete(...)'s ctz ------------------------------------ Tuesday, April 22, 2003, 12:52:23 PM, you wrote: MS> If I clear the session structure, does that clear only the session that MS> is calling the structclear() or does it clear all sessions? MS> I'm trying to "logout" a session. MS> Thanks MS> Matthew Small MS> IT Supervisor MS> Showstopper National Dance Competitions MS> 3660 Old Kings Hwy MS> Murrells Inlet, SC 29576 MS> 843-357-1847 MS> http://www.showstopperonline.com MS>

>structDelete(...)'s If i remember correctly.. structDelete(session).. will delete the entire session struct and invalidate all sessions. Joe Eugene ----- Excess quoted text cut - see Original Post for more -----

oi Joe!! i was referring to it for individual session items... not clear my bad. ctz ------------------------------------ Tuesday, April 22, 2003, 1:16:43 PM, you wrote: >>structDelete(...)'s JE> If i remember correctly.. structDelete(session).. will delete the entire JE> session struct and invalidate all sessions. JE> Joe Eugene ----- Excess quoted text cut - see Original Post for more ----- JE>

It'll only affect the current session.  However, you don't usually want to do that, as it'll clear the internal variables (like session.sessionID). Instead, use structDelete() on the specific variable(s) that you want to remove.  i.e.: structDelete(session, "authenticated"); structDelete(session, "userID"); structDelete(session, "roles"); That'll preserve any non-authentication/authorization data in the session in case the user needs it for something else. barneyb --- Barney Boisvert, Senior Development Engineer AudienceCentral (formerly PIER System, Inc.) bboisvert@audiencecentral.com voice : 360.756.8080 x12 fax   : 360.647.5351 www.audiencecentral.com ----- Excess quoted text cut - see Original Post for more -----

Thanks, I can do that.  But why would I need any session information at all if I am expiring the entire session? Matthew Small IT Supervisor Showstopper National Dance Competitions 3660 Old Kings Hwy Murrells Inlet, SC 29576 843-357-1847 http://www.showstopperonline.com It'll only affect the current session.  However, you don't usually want to do that, as it'll clear the internal variables (like session.sessionID). Instead, use structDelete() on the specific variable(s) that you want to remove.  i.e.: structDelete(session, "authenticated"); structDelete(session, "userID"); structDelete(session, "roles"); That'll preserve any non-authentication/authorization data in the session in case the user needs it for something else. barneyb --- Barney Boisvert, Senior Development Engineer AudienceCentral (formerly PIER System, Inc.) bboisvert@audiencecentral.com voice : 360.756.8080 x12 fax   : 360.647.5351 www.audiencecentral.com > If I clear the session structure, does that clear only the session that ----- Excess quoted text cut - see Original Post for more -----

I cache search criteria and such in the session scope for different applications.  If the user logs out, and then logs back in, it's nice to have that still around if possible.  You might also be storing information in the session that isn't specific to a secured area, and will be needed on the public side of the site that they'll use after they log out for the secured site. There are a lot of possibilities, all of which may be irrelevant to your situation.  However, since using structDelete now might save you some nasty bugs if you change the way things work down the road a few months, I'd highly recommend it (especially since it's only a handful of extra keystrokes). My $0.02 barneyb --- Barney Boisvert, Senior Development Engineer AudienceCentral (formerly PIER System, Inc.) bboisvert@audiencecentral.com voice : 360.756.8080 x12 fax   : 360.647.5351 www.audiencecentral.com ----- Excess quoted text cut - see Original Post for more -----

You dont use structClear() on session, invalidates session. If you are using CF4.5 or CF5.0, you expire CFID and CFTokens <cfcookie Name="cfid" value="" expires="NOW"> <cfcookie Name="cftoken" value="" expires="NOW"> If you are using CFMX and J2EE Sessions, you duplicate your <cfApplication> something like.. <CfApplication   Name="AppName"   clientStorage="someStorage..."   clientManagement="Yes"   setClientCookies="Yes"   applicationTimeOut="#createTimeSpan(0,0,45,0)#"   sessionManagement="Yes"   sessionTimeOut="#createTimeSpan(0,0,0,0)#"> Note:The session timeout value and <cfcookie Name="JSessionID" expires="NOW"> Hope the above helps. Joe Eugene ----- Excess quoted text cut - see Original Post for more -----

Just the "local" session.  My session doesn't have access to your's and vice versa. --  Ben Doom     Programmer & General Lackey     Moonbow Software, Inc : -----Original Message----- : : Sent: Tuesday, April 22, 2003 12:52 PM : To: CF-Talk : Subject: Expiring a session : : : If I clear the session structure, does that clear only the session that : is calling the structclear() or does it clear all sessions? : : I'm trying to "logout" a session. : : Thanks : : Matthew Small : IT Supervisor : Showstopper National Dance Competitions : 3660 Old Kings Hwy : Murrells Inlet, SC 29576 : 843-357-1847 : http://www.showstopperonline.com : : : :

AFAIK it will only delete that users session. I use this in our control panel so a user can logout. The logout link goes to a page that has the following code. <!--- clear all session vars ---> <cfloop collection="#session#" item="i">   <cfset i =  StructDelete(session, i)> </cfloop> <!--- clear all cookie's ---> <Cfloop collection="#cookie#" item="c">   <cfset c = StructDelete(cookie, c)> </cfloop> I then use meta tag to redirect them to the login page. <META HTTP-EQUIV=Refresh CONTENT="0; URL=https://www.thesiteiwant.com/login.cfm">; ~~ Stephenie Hamilton Macromedia Certified ColdFusion Professional CFXHosting If I clear the session structure, does that clear only the session that is calling the structclear() or does it clear all sessions? I'm trying to "logout" a session. Thanks Matthew Small IT Supervisor Showstopper National Dance Competitions 3660 Old Kings Hwy Murrells Inlet, SC 29576 843-357-1847 http://www.showstopperonline.com

nope...only the current session.  Recall the session scope is the current 'users' session, not 'all' sessions.  Also, you can not actually delete this struct, you can clear it though and delete keys in it other than cfid and token, IIRC.  Makes me wonder what structDelete(session) actually does! <cflock scope="SESSION" type="EXCLUSIVE" timeout="30">   <cfset structclear(session)> </cflock> the above works fine for ending a users session. Doug ----- Excess quoted text cut - see Original Post for more -----

> > structDelete(...)'s > > If i remember correctly.. structDelete(session).. will > delete the entire session struct and invalidate all > sessions. Just for clarification, StructDelete will only delete a single key within a structure, so it wouldn't even delete a single session, just one variable within the session: StructDelete(structure, "keyname") Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444