Skip to main content
A
ACS LLC
Inspiring
November 24, 2011
Question

Terminating a session

  • November 24, 2011
  • 3 replies
  • 4800 views

I remember reading an article that terminating a session was not as simple as you would hope and that often happened were that the session variables were removed but the session was still active.

I have this <cfset tempvariable = StructClear(session)> to clear the session, but I want to make sure that the session is completely and utterly terminated.

I have to create a session when a user visits my script, but then depending on what country they are in I may immediately terminate the session and no content will be served to them, so the last thing I need are a huge amount of dead sessoins hanging around.

Could anybody confirm the best way to do this

Thanks

Mark

This topic has been closed for replies.

3 replies

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
November 25, 2011

ACS LLC wrote:

I remember reading an article that terminating a session was not as simple as you would hope and that often happened were that the session variables were removed but the session was still active.

I have this <cfset tempvariable = StructClear(session)> to clear the session, but I want to make sure that the session is completely and utterly terminated.

I have to create a session when a user visits my script, but then depending on what country they are in I may immediately terminate the session and no content will be served to them, so the last thing I need are a huge amount of dead sessoins hanging around.

Could anybody confirm the best way to do this

Terminating a session is indeed a far from simple matter. (I am assuming you are using ColdFusion session management). Commonly, ColdFusion terminates a session if the session has remained idle during the period given by the sessionTimeout. ColdFusion has been designed to handle millions and millions of sessions in memory, which is why using structClear(session) is usually frowned upon. There is really no need to use it!

StructClear(session) instructs ColdFusion to delete not only user-defined variables like session.myVar, but also the system variables session.sessionID, session.CFID and session.CFToken. However, if the session had not timed out and the user continued to navigate beyond this page, which is often the case, ColdFusion would continue to maintain the session until the browser closed.

The usual advice is to use structDelete, and to remove just the user-defined session variables. The only drawback is when your application has many user-defined session variables. It would then be tedious to remove them all, one by one.

There is however a solution for that. Define one struct, and store all your session variables in it, thus

<cfset session.myData = structNew()>

<cfset session.myData.myVar001 = "...">

...

<cfset session.myData.myVar100 = "...">

To clear the session data later, it will be sufficient for you to do something like

<cfset session.isUserSessionDeleted = structDelete(session,"myData")>

D
Community Expert
Dave WattsCommunity Expert
Community Expert
November 25, 2011

The usual advice is to use structDelete, and to remove just the user-defined session variables. The only drawback is when your application has many user-defined session variables. It would then be tedious to remove them all, one by one.

There is however a solution for that. Define one struct, and store all your session variables in it ...

While this is the approach I generally follow, it isn't really that tedious to remove a bunch of individual session variables, since you can simply loop through the scope in a few lines of code.

Dave Watts, CTO, Fig Leaf Software

Dave Watts, Eidolon LLC
A
ACS LLCAuthor
Inspiring
November 25, 2011

This is getting complicated ;-)

I did just re-write my code so that I don't establish a session if the user is not in the right country, so that will be a huge help, however I'd still like to kill off anybody that has finished their session, rather than have it hang around.

How do you define the user defined sessions? Sessions I set in the code?

D
Dan_Bracuk
Inspiring
November 25, 2011

Read this:

http://www.bennadel.com/blog/1131-Ask-Ben-Ending-ColdFusion-Session-When-User-Closes-Browser.htm

D
Community Expert
Dave WattsCommunity Expert
Community Expert
November 25, 2011

Read this:

http://www.bennadel.com/blog/1131-Ask-Ben-Ending-ColdFusion-Session-Wh en-User-Closes-Browser.htm

This doesn't actually end the session, though - it just disconnects the user's browser from the session, which will remain on the server until it times out. That said, that's all I usually do, but if you were primarily concerned with the buildup of unused session data this wouldn't alleviate that problem.

Dave Watts, CTO, Fig Leaf Software

Dave Watts, Eidolon LLC
D
Community Expert
Dave WattsCommunity Expert
Community Expert
November 25, 2011

Typically, you do delete session variables but leave the session active. If you don't want a huge amount of dead sessions hanging around, keep the session timeout short. I don't think I'd worry about it beyond that, until you run into an actual problem.

Dave Watts, CTO, Fig Leaf Software

Dave Watts, Eidolon LLC
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices