Skip to main content
Known Participant
July 31, 2013
質問

Variable sessiontimeout?

  • July 31, 2013
  • 返信数 3.
  • 966 ビュー

Hello all,

I have an area of a website that users log into.  Upon logging in, they are given a certain access level based off criteria in the datasource.  For regular users, the sessiontimeout in my application.cfm file looks like this: <cfapplication name="MemberSession" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0,0,20,0)#">.  Is there a way, based off the criteria in the datasource that assigns access levels (ALevel), to make the sessiontimeout longer for certain "privileged" users?  I tried the code below, but CF returned an error.

<cfif Session.ALevel neq 'SEC' or Session.ALevel neq 'EXSEC'>

<cfapplication name="MemberSession" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<cfelse>

<cfapplication name="MemberSession" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0,0,90,0)#">

</cfif>

Thank you!

    このトピックへの返信は締め切られました。

    返信数 3

    BKBK
    Community Expert
    Community Expert
    August 2, 2013

    Haven't you guys noticed the chicken-and-egg conundrum? The if-statement already makes use of the session scope. Yet the session is only defined later in the code within the if-block.

    In any case, you should not be doing this in the first place! The fact that you are, suggests to me that you might be giving an incorrect interpretation to the concept of session timeout.

    Take, for example, a sessiontimeout setting of 20 minutes. It means that, if a user fails to interact with your application in a period of 20 minutes, then your application will consider him gone. ColdFusion will then end his session to save resouces. If your login framework is associated with sessions, ColdFusion will also log him out.

    In other words, should the user return after 20 or more minutes of inactivity, ColdFusion will consider him a new user and assign him a new session. If your login framework is associated with sessions, ColdFusion will require him to log in.

    Session timeout is therefore a property that is related to the application. The users, be they Admins, Princes or paupers, are all subject to the same session timeout. So it should be.

    There is another way of saying that a user's session has timed out after 20 minutes. It is that the session has been idle for 20 minutes. Admins, Princes or paupers can all be idle.

    p_sim
    Participating Frequently
    August 1, 2013

    <cfset session_timeout = CreateTimeSpan(0,0,90,0) />

    <cfif IsDefined("Session.ALevel") AND (Session.ALevel NEQ "SEC" OR Session.ALevel NEQ "EXSEC")>

              <cfset session_timeout = CreateTimeSpan(0,0,20,0) />

    </cfif>

    <cfapplication name="MemberSession" sessionmanagement="Yes" sessiontimeout="#session_timeout#" />

    Inspiring
    July 31, 2013

    In all my time in CF, I've never known about a <cfapplication> tag.

    I would have something in the application.cfc's psuedo constructor area (outside all BIFs) like:

    <cfif isDefined( 'SESSION.ALevel' ) AND SESSION.ALevel eq 'SEC'>

         <cfset THIS.sessionTimeout = createTimeSpan( 0,0,20,0 ) />

    <cfelse>

         <cfset THIS.sessionTimeout = createTimeSpan( 0,0,90,0 ) />

    </cfif>

    Since that code gets executed on every request, it would ensure that the SESSIONTIMEOUT variable for the THIS scope is set according to the member level.

    Understand, too, that if the CF Admin specifies a maximum session value shorter than what you specify, your session cannot sit idle longer than that.