
Multiple session timeouts for remote functions

Explorer, Sep 03, 2020

Coldfusion Session Timeout:

Been reading through numerous posts regarding this.sessiontimeout and how to adjust it depending on who/what is running. For instance, my users log in, and I want their sessions to end in 10 hours (I know, but I have people who don't do anything for hours and don't want to have to log back in). I have a program that runs, and I need those sessions to end in 5 seconds of inactivity (or I end up with hundreds of sessions showing up on FusionReactor).

 

Reading through the various articles, I'm getting mixed messages.

So, my question....
If I invoke a remote CFC from another server, it creates a session. If I put at the top of the Application.cfc

<!--- FindNoCase(substring, string): look for "Viewall" in the requested file name --->
<cfif findnocase("Viewall", ListLast(CGI.SCRIPT_NAME, "/")) gt 0>
     <cfset this.sessiontimeout = CreateTimeSpan(0,0,0,5)>
</cfif>

 

 

Did I just set the sessiontimeout for EVERYONE or just for that "Viewall" call?

REALLY, thank you for your time.

LEGEND, Sep 03, 2020

Hello, Ed,

 

According to Adobe Help, the "this" scope is for the user session.

 

Life span, as a real number of days, of the user session, including all Session variables. Use the CFML CreateTimeSpan function to generate this variable's value.

 

So, if the remote call creates a new session, then you should be limiting the session for just that remote call.  This is not gospel, this is my best guess.

 

V/r,

 

^ _ ^

 

UPDATE.. I may have read your question wrong.  The current user session is making a remote call, not the other way around.  So, yes, you'd be setting a timeout for that user's session.

Community Beginner, Sep 06, 2020

I thank you for your insight. I implemented the change and it appears to be working as I had hoped it would - timing out just the one session. 

Community Expert, Sep 07, 2020

Please note: this.sessionTimeout is an application setting, not a session setting or user setting.

Community Beginner, Sep 07, 2020

Changing it, though, doesn't appear to time out sessions currently in progress. Since every request activates this setting (whether for a long or short period of time), it ACTS like a session setting. For example, process A sets the this.sessiontimeout to 10 hours and starts running. Processes B, C, and D set the this.sessiontimeout to 2 seconds and start processing. Session A is never affected while B, C, and D start and finish their session. E sets a long one and starts ....

Is there something I'm missing? Is there a better way to do this?

Community Expert, Sep 07, 2020

This.sessionTimeout is the maximum length of time a user may be inactive, before ColdFusion terminates the session. Your initial description shows you're aware of this.

 

I therefore do not understand why you go on to say that processes B, C and D "start and finish their session" after 2 seconds. They don't necessarily. Not if they remain continually active on the application. In other words, even if they set this.sessionTimeout to 2 seconds, their session could carry on for hours, days or even months.

 

This.sessionTimeout is simply the amount of time a user is allowed to be idle, before ColdFusion considers him absent. It is an efficiency measure. There is no need for ColdFusion to reserve memory resources for a user who has gone away.

 

That explains why this.sessionTimeout is designed as an application setting, not a per-user setting. And it is like that, not only for ColdFusion, but for every application server.

 

Granted, ColdFusion is weakly-typed and you can make it do weird things. But such undocumented approaches are unpredictable and risky. As a result, you could one day discover that your application hadn't been behaving as you intended.

 

I can think of the following solution to your problem:

 

1) Log users in using cflogin;

2) Use the application setting: <cfset this.loginStorage="session">;

3) In onRequestStart or onCFCRequest, for example, do:

<!--- FindNoCase(substring, string): look for "Viewall" in the requested file name --->
<cfif findnocase("Viewall", ListLast(CGI.SCRIPT_NAME, "/")) gt 0>
<cflogout>
</cfif>

 

 

 

 

 

Community Expert, Sep 06, 2020


<!--- 
Sets the session time-out to 5 seconds for EVERY user 
of the application 
--->
<cfset this.sessiontimeout = CreateTimeSpan(0,0,0,5)>

<!--- 
Sets or changes the session time-out to 5 seconds for EVERY user of 
the application, once some user requests a page containing "Viewall"
--->
<cfif findnocase("Viewall", ListLast(CGI.SCRIPT_NAME, "/")) gt 0>
     <cfset this.sessiontimeout = CreateTimeSpan(0,0,0,5)>
</cfif>

 

 

Participant, Sep 08, 2020

If you create a sub directory with the CFC containing the remote functions and also have a separate Application.cfc, with the shorter session requirements in the same sub directory, any calls to the remote functions will use the new Application.cfc and not affect the main application. The Application.cfc in the  sub directory will need to specify a different application id.
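
The directory layout described in the post above, written out as an added example that is not part of the original thread or any poster's code. The application names, the /remote/ directory and the file name Viewall.cfc are hypothetical; the two components are separate files, shown together for comparison.

```cfml
<!--- File 1: /Application.cfc
      Main application, used by interactive (logged-in) users.
      The name "MainApp" is a hypothetical placeholder. --->
<cfcomponent output="false">
    <cfset this.name = "MainApp">
    <cfset this.sessionManagement = true>
    <!--- Users may stay idle for 10 hours before the session expires --->
    <cfset this.sessionTimeout = CreateTimeSpan(0,10,0,0)>
</cfcomponent>

<!--- File 2: /remote/Application.cfc
      Sits in the same sub directory as the CFC holding the remote
      functions (assumed here to be /remote/Viewall.cfc). ColdFusion
      uses the nearest Application.cfc it finds from the requested
      file's directory upward, so remote calls pick up this one. --->
<cfcomponent output="false">
    <!--- A different this.name makes this a separate application
          with its own session settings and its own session scope --->
    <cfset this.name = "MainApp_Remote">
    <cfset this.sessionManagement = true>
    <!--- Sessions created by remote calls expire after 5 seconds idle --->
    <cfset this.sessionTimeout = CreateTimeSpan(0,0,0,5)>
</cfcomponent>
```

Because session scope is tied to the application name, code under /remote/ does not see the session variables of a user logged in to the main application, so the remote functions must not depend on them.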
