Skip to main content
J
JordonShaw
Participant
July 28, 2008
Question

Logging out issues

  • July 28, 2008
  • 6 replies
  • 992 views
I'm having a issue where whenever my users log out, they really don't logout. Their login is cached and until they delete all of their browser items, they are still logged in. What type of code do I need to use to have them actually log out when my logout script runs, and not make them have to clear everything in their browser?

Thanks,
Jordon
This topic has been closed for replies.

6 replies

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
July 29, 2008
My immediate reaction to your Application.cfm is that the session timeout could be shorter, say, 20 minutes. However, I am sure the forum will solve your problem instantly if you show the code you use to log in the user and the log-out code.




BKBK
Community Expert
BKBKCommunity Expert
Community Expert
July 29, 2008
JordonShaw,

Could we see the code that logs in a user? Otherwise, it will remain mostly guess-work.

J
JordonShawAuthor
Participant
July 29, 2008
I'm wondering if maybe my application script has anything to do with it.

<CFAPPLICATION NAME="xxxx"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SESSIONTIMEOUT=#CreateTimeSpan(1,0,0,0)#
APPLICATIONTIMEOUT=#CreateTimeSpan(1,0,0,0)#>

<!--- Set these variables when site goes live --->
<cfset dsn = "xxxx">
<cfset dsn2 = "837">
<cfset adminemail = "xxxx">

<cfparam name="application.pidkey" default="tnfp08rt">

<cfif not isDefined("session.rollCount")>
<cfset session.rollCount = 1>
<cfset application.lastUser = iif(isDefined("application.currentUser"), "application.currentUser", DE("Nobody"))>
<cfset application.currentUser = iif(isDefined("client.clientName"), "client.clientName", DE("guest from #CGI.REMOTE_ADDR#"))>
<!--- Test for cookies --->
<cfcookie name="isOn" value="testing">
<cfset session.addToken = client.URLToken>
<cfelse>
<!--- Check to see if cookies are on. If no, make a query string variable with the CFID and CFTOKEN. --->
<cfset session.addToken = iif(not isDefined("cookie.isOn"), DE("#client.URLToken#"), DE(""))>
</cfif>
<!---
<CFHEADER NAME="Expires" VALUE="01 Jan 2000 00:00:01 GMT">
<CFHEADER NAME="Pragma" VALUE="no-cache">
<CFHEADER NAME="cache-control" VALUE="no-cache, no-store, must-revalidate">
T
Tams87
Participating Frequently
July 28, 2008
Check your memory and client variable settings on Coldfusion administrator. Add the structdelete to your code and then tell me what happens, are you still able to go to secured links when you open I.E after closing it? Are you using session variables?
T
Tams87
Participating Frequently
July 28, 2008
Ok say lets say that the user closes I.E and then opens it up, have the structure delete on top of the page the users see when they first come to your site so that if there is a preexisting user logged in then the structdelete will kill their session. Lets take the example of msn.com, once you logout of hotmail, you are redirected to msn.com homepage. At the top of this page, there is a structdelete before any other code so if another person clicks the back button they won't be able to login, the structdelete has already killed the previous users session. Hope that doesn't confuse you.
J
JordonShawAuthor
Participant
July 28, 2008
I think that's exactly what I need, with one more question. What happens if the user happens to have a direct link to a secured page. Right now, I have a script at the top of the page that checks to see if the user is logged in and if not, then takes them to the log on page, if so, then it allows them access to the site. If I took away that feature, then wouldn't my users have to log on at every page?

So, lets say that my users close out of internet explorer and then using a link to a secure page, they open back up, right to that page, how do I prevent then for being automatically logged in. Is there a way to kill the log in whenever they close out of Internet Explorer?

Jordon
P
paross1
Participating Frequently
July 28, 2008
Looks like you need a little help with state management..... Start here Managing the client state and see if this helps move you in the right direction a little.

Phil
T
Tams87
Participating Frequently
July 28, 2008
If you are logging out of the website then you need to delete the session structure. If you are redirecting the user to the login page after they logout then have structdelete at top of your login page. Hope that helps.
J
JordonShawAuthor
Participant
July 28, 2008
So, what if my users close out of Internet Explorer and don't ever log out. How do I make it where they do have to log on the next time, because right now, if you close out of I.E and then open back up and go back, you don't have to log back in.

Thanks,
Jordon
P
paross1
Participating Frequently
July 28, 2008
Log "out" of what? It would be pretty hard for anyone to offer any suggestions without any examples as to what they are logging "in" to in the first place, and also what your logout script is attempting to do.

Phil
J
JordonShawAuthor
Participant
July 28, 2008
I'm wanting my users to be able to log out of the whole website. I have a web portal that users log into and do different things while they are in there and then they click logout and it should kill all their authication to my web portal; however, they are still able to get to sites that should require user authication, because thier account is cached. So, the problem is, if they access my site from a public location, and then they leave, somebody behind them could come in behind them and get to my secure pages, as that user.
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices