Detecting end of session with JS

Report · Sep 09, 2016

Hello,

i'm using CF11,

part of my application.cfm file :

When the user is logged in, session variable session.validlog is set to 1

The JS script (loaded with index.cfm) :

function session_checking()

{

$.post("ajax-session.cfm", function(data) {

if(data === "-1")

{

window.location = "http:/myserver/login.cfm";

}

else

{

console.log('Session active') ;

}

});

}

var validateSession = setInterval(session_checking, 5000);

</script>

the ajax-session.cfm file :

</cfswitch>

So : every 5 sec ajax-session.cfm is executed, if it return -1, user is redirected to the login page.

Issue :

When application session timeout is coming to 0, the user is not redirected to the login page ...

Any idea ?

Thanks,

Marc

Report · Sep 09, 2016

Kind of a clever combining of CF and JS. Very nice.

However, you're expecting -1 if the session is gone, but your defaultcase is returning 0, not -1.

Why not just return the #session.validlog# value instead of using a switch/case? It's just returning a hardcoded version of #session.validlog#, anyway.

V/r,

^_^

Report · Sep 10, 2016

marcb301158 wrote:
When the user is logged in, session variable session.validlog is set to 1

To repeat WolfShade's point, what is the value of session.validlog when the user is not logged in, 0 or -1?

if(data === "-1")
{
window.location = "http:/myserver/login.cfm";
}
...
...
<cfswitch expression="#session.validlog#" >
<cfcase value="1">1</cfcase>
<cfdefaultcase>0</cfdefaultcase>
</cfswitch>

Use

session.validlog = -1 or 1

if(data == -1)

or

session.validlog = 0 or 1

if(data == 0)

Report · Sep 12, 2016

@Wolfshade :

Modifying ajax-session.cfm with #session.validlog#

When session ended, nothing happend, no return to login page.

In the console i see the output looping with the value of #session.validlog#.

It seems that the session never end.

When i comment the script, session ended as well.

Wierd ...

@BKB : answer in the above response session.log value is always 1 (session active) even if session timeout is out ...

Report · Sep 12, 2016

Running the script every five seconds is "polling", and (dare I say it) totally unnecessary. Since the application.cfc/.cfm is run prior to every page load, you can set a conditional (if/else or switch/case, I prefer the latter) in your onRequestStart() that checks for session.

However, the conditional will loop eternally unless part of the conditional takes the current page into account. So instead of JUST doing "if this session variable doesn't exist, redirect to login page", you need to "if this session variable doesn't exist AND if this page isn't login.cfm, redirect to login.cfm". That way, if the redirect goes to login.cfm, application.cfc/.cfm doesn't keep redirecting endlessly.

HTH,

^_^

Report · Sep 12, 2016

marcb301158 wrote:
@BKB : answer in the above response session.log value is always 1 (session active) even if session timeout is out ...

Then Application.cfc is much better for you than Application.cfm. Something like this:

Application.cfc

this.name = "myapp";

this.applicationTimeout = "#createTimespan(2,0,0,0)#";

this.clientManagement = "true";

this.sessionManagement = "true";

this.sessionTimeout = "#createTimeSpan(0,0,30,0)#";

this.scriptProtect = "all";

</cfscript>

<cfset session.validlog = -1>

</cffunction>

<cfset session.validlog = -1>

</cffunction>

</cfcomponent>

-------------------------------------------------

login.cfm

<cfset session.validlog = 1>

</cfif>

Report · Sep 12, 2016

Hello,

Thanks for the answers.

From where is "isLoginValid" coming from ? Is it a CF function ?

In my Application.cfm file i've something like this :

How can i insert these param in the cfc file ?

</cfcase>

</cfcase>

</cfswitch>

Thx

Marc

Report · Sep 13, 2016

Marc,

First, I would be remiss if I failed to mention that application.cfm is the old school approach to ColdFusion, and should be replaced with application.cfc, as the cfc is more modern, easier to work with, and you can set up all kinds of things with it.

But back to your most recent question. It can be placed almost anywhere within your application.cfm, but would probably be best right after the last line of code you provided, after the CFSWITCH. It won't be using JavaScript to detect end of session, per your original request, however it would be the best practice for checking end of session.

V/r,

^_^

Report · Sep 13, 2016

marcb301158 wrote:

From where is "isLoginValid" coming from ?

IsLoginValid is simply a boolean variable. (I expected you to recognize it by its name and to translate it according to your own context.) It holds the result of the validation of the user's credentials. If username and password are valid, then isLoginValid true, else false.

The variables seem to me to have scopes as shown below. I don't expect you to change servers or locale once the application has started.

Application:

vmware

mailStb

oldlocale

tableMvt

TableEqt

vueGlobale

envDev

Session:

validlog

isLoginValid (or your own equivalent variable)

You could then have

Application.cfc

this.name = "myapp";

this.applicationTimeout = "#createTimespan(2,0,0,0)#";

this.clientManagement = "true";

this.sessionManagement = "true";

this.sessionTimeout = "#createTimeSpan(0,0,30,0)#";

this.scriptProtect = "all";

</cfscript>

</cfcase>

</cfcase>

</cfswitch>

</cffunction>

</cffunction>

</cffunction>

</cfcomponent>

-------------------------------------------------

login.cfm

<cfset session.validlog = 1>

</cfif>