November 16, 2009
Question

deauthenticate?


We want a user to have to log in again after a session variable times out. We can get that to work, but the user is still authenticated when returned to the login page.

Is there a way to deauthenticate the user by the time they get to the login page?


    Known Participant
    November 16, 2009

    Can't you just structdelete those on the login page before you do anything else?

    November 17, 2009

    Sorry, I don't understand. Will deleting the session structure deauthenticate the user?

    The session structure has a timeout set in the cfapplication tag: sessionmanagement="yes" and createtimespan(0,0,30,0).

    The first template after the login page assigns the structure's 1 key to a value and then every other template starts out by checking if structkeyexists(session,"thestruct.thekey"). If it returns true, the assignment is refreshed and if it returns false, the user is cflocated to the login page. The user is still authenticated when cflocated and I am being told this is a security problem.

    Does cflogout deauthenticate the user? I have been told not to try it since the tag might be "destructive" and we have no test area right now.

    Inspiring
    November 17, 2009

    Hi lwfg,

    You need to use the StructClear function in that case.

    You can terminate the login session like this (before using the <cflocation> tag):

    <cfset StructClear(session)>

    HTH
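
The check-and-redirect flow from the thread, as an added example that is not code from any of the posters: it combines the `StructClear(session)` suggested above with `<cflogout>`, which ends a login established through the `<cflogin>` framework. The file names `guard.cfm` and `login.cfm`, the use of `Now()` as the refreshed value, and the assumption that the application authenticates with `<cflogin>` are hypothetical.

```cfml
<!--- guard.cfm: hypothetical include placed at the top of every protected template --->
<!--- Assumes the first template after login created session.thestruct with a key "thekey" --->

<!--- StructKeyExists takes one key name, not a dotted path, so test each level --->
<cfif StructKeyExists(session, "thestruct")
      AND StructKeyExists(session.thestruct, "thekey")>

    <!--- Session is still live: refresh the marker (the value is an assumption) --->
    <cfset session.thestruct.thekey = Now()>

<cfelse>

    <!--- Marker is missing: the session timed out or the user never logged in --->

    <!--- End the cflogin login, so GetAuthUser() returns an empty string afterwards --->
    <cflogout>

    <!--- Remove whatever application data is left in the session scope --->
    <cfset StructClear(session)>

    <!--- Redirect without appending CFID/CFTOKEN to the login URL --->
    <cflocation url="login.cfm" addtoken="no">

</cfif>
```

Both the logout and the clear run before `<cflocation>`, because that tag stops processing of the current page.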