Skip to main content
P
partTimeCrazy
Inspiring
January 14, 2014
Question

Coldfusion session timing out too soon?

  • January 14, 2014
  • 1 reply
  • 9441 views

I have coldfusion 10 installed as our main server. I am using sessions to store some information and have set sessiontimeout=#CreateTimeSpan(0,0,45,0)# in the application file but for some reason the session is timing out way before 45 mins - around 10 mins. Is there a reason for this? I thought having the timeout in the application file would overwrite anything set in the coldfusion admin. Is this not true?

Thanks

This topic has been closed for replies.

1 reply

A
Aegis_Kleais
Inspiring
January 14, 2014

Check the CF Admin.  The values set there can trump per-application settings.  So if the CF Admin states that the maximum size a session can be is 10 minutes, your app can tell CF to use more, but CF will only allow it to be as large as what's set in the Admin.

SERVER SETTINGS > MEMORY VARIABLES > MAXIMUM TIMEOUTS > SESSION VARIABLES

Also, FYI, you do not need to pound off the createTimespan() Built-in Function when you set it, ie, this is perfectly fine:

<cfset this.sessionTimeout = createTimespan( 0,0,45,0 ) />

P
partTimeCrazyAuthor
Inspiring
January 14, 2014

Thanks for the tip but..

I've had a look in the admin and the maximum timeout for the session variable is currently set at 2 days and the default timeout is set at 45 minutes so shouldnt that work just by default?

The full line of code i am using is:

<cfapplication name="xxxxxx" sessionmanagement="yes" setclientcookies="yes" sessiontimeout=#CreateTimeSpan(0,0,45,0)# />

Also the cookie timeout is set to 20 minutes, could that be part of the issue or could there be something else that is causing the problem? The setting i am adding is in an application.cfm file rather than application.cfc as it was coming from an old version of coldfusion, also HTTPOnly is checked and so is '

A
Aegis_Kleais
Inspiring
January 16, 2014

sorry forgot to say, no it isnt using subdomains.

if i read what you are saying correctly, then as long as I make a page request to the server within 45minutes the cookie and the session should stay active?

but what seems to be happening is that even if I make page requests within the 45 minutes the session is still timing out and I have to re-log in. which seems odd to me, no?


Yes. We've confirmed the cookie is being set with the proper value. Now we just have to troubleshoot the issue where your session is not staying maintained before that timeout value.

For clarification, you're repeatedly saying that you've been "logged out", but that isn't the problem we're troubleshooting, right?  We're looking as to why your session isn't being maintained.  "Logging in" is the process of going through authentication where you verify who you are to the server, it authenticates those credentials, and then can "log you in", often storing your information into the session.  The problem with the latter is that if you have code somewhere that is terminating the session or performing log out operation via improper misfire, this is different than a session that just seems to be lost at some point in requesting pages that are doing little more than presenting data.

Since you're not using subdomains, we don't have to worry about you navigating to other areas of the same domain.  Let's try this:

Make a page that just outputs this:

<cfoutput>#session#</cfoutput>

If you keep reloading that page, do the CFID/CFTOKEN values change?

By the by, what browser/version are you using?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices