Skip to main content
P
partTimeCrazy
Inspiring
January 14, 2014
Question

Coldfusion session timing out too soon?

  • January 14, 2014
  • 1 reply
  • 9441 views

I have coldfusion 10 installed as our main server. I am using sessions to store some information and have set sessiontimeout=#CreateTimeSpan(0,0,45,0)# in the application file but for some reason the session is timing out way before 45 mins - around 10 mins. Is there a reason for this? I thought having the timeout in the application file would overwrite anything set in the coldfusion admin. Is this not true?

Thanks

This topic has been closed for replies.

1 reply

A
Aegis_Kleais
Inspiring
January 14, 2014

Check the CF Admin.  The values set there can trump per-application settings.  So if the CF Admin states that the maximum size a session can be is 10 minutes, your app can tell CF to use more, but CF will only allow it to be as large as what's set in the Admin.

SERVER SETTINGS > MEMORY VARIABLES > MAXIMUM TIMEOUTS > SESSION VARIABLES

Also, FYI, you do not need to pound off the createTimespan() Built-in Function when you set it, ie, this is perfectly fine:

<cfset this.sessionTimeout = createTimespan( 0,0,45,0 ) />

P
partTimeCrazyAuthor
Inspiring
January 14, 2014

Thanks for the tip but..

I've had a look in the admin and the maximum timeout for the session variable is currently set at 2 days and the default timeout is set at 45 minutes so shouldnt that work just by default?

The full line of code i am using is:

<cfapplication name="xxxxxx" sessionmanagement="yes" setclientcookies="yes" sessiontimeout=#CreateTimeSpan(0,0,45,0)# />

Also the cookie timeout is set to 20 minutes, could that be part of the issue or could there be something else that is causing the problem? The setting i am adding is in an application.cfm file rather than application.cfc as it was coming from an old version of coldfusion, also HTTPOnly is checked and so is '

P
partTimeCrazyAuthor
Inspiring
January 15, 2014

Oh.  I don't use the <cfapplication> tag.  In its implementation, you should not omit the encasing quotes. ColdFusion interprets values as best as it can, but just to be safe that values get translated and not lost in syntax, it would read ...sessiontimeout="#createTimeSpan( 0,0,45,0 )#" />

Personally, I use application.cfc, where you simply set the sessionManagement variable of the 'this' scope in the pseudo-constructor area (the areas outside of functions), ie:

<cfset this.name = 'myAppName' />

<cfset this.sessionManagement = true />

<cfset this.sessionTimeout = createTimeSpan( 0,0,45,0 ) />

...

<cffunction name="onApplicationStart"...

What do you mean by cookie timeout?  If session management is enabled, then CF will attempt to set a cookie on the client machine which is subsequently sent back to CF on each request in order to maintain the session state.  Some browsers will let you inspect those cookies.  You could clear your cookies, make a request (creating and setting a new session cookie) and then inspect it to see if the timeout is set to 20 minutes from now or the intended 45.


i've never set up an application.cfc so i'm not sure about the differences. (I was using coldfusion 7 and upgraded to 10).

I changed the cookie timeout under 'Session Cookie Settings' in the coldfusion admin to be 45minutes and it is keeping me logged but after the 45 minutes it logs me out even if I am actually using the site.

bit confused to be honest!

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices