• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Session restart?

Community Beginner ,
May 22, 2018 May 22, 2018

Copy link to clipboard

Copied

I may be missing something simple, but here's a problem I'm having and am looking for, hopefully, a simple solution.

Right now we have an 8 hour session limit. This is set up via Application.cfc and is working.

However, if the user is idle for less than 8 hours after initial logon, then is active on the site right up until the 8 hour limit, the session doesn't reset. The user gets logged off while active at the 8 hour mark.

Case scenario:

- 2pm - User logs on. The 8 hour session begins and expires at 10pm.

- 9pm - User resumes session after being idle. 7 hours elapsed in the session

- 10pm - User is still active on the site, but the session expires. If they access personal information, they get a message that they need to log on.

Is there a way to reset the beginning of the session at the 9pm mark so that the user isn't logged off while they're active on the site?

Views

704

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
May 22, 2018 May 22, 2018

Copy link to clipboard

Copied

Define "active".  Are they refreshing pages, or is it a single page app?  Do the pages always interface with the JVM, or are some just HTML pages served by a web server?  Also, what is your max session timeout set for sessions in the administrator?  What sessionTimeout is set in your Application.cfc?  What version of CF?  Do you have J2EE session variables enabled?

-Nic

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
May 22, 2018 May 22, 2018

Copy link to clipboard

Copied

They are refreshing or navigating to pages. Not a single page app. These are all .cfm pages.

The max session timeout in the Administrator is 2 days.

SessionTimeout in Application.cfc is: <cfset this.sessionTimeout = CreateTimeSpan(0,8,0,0) />

CF version is CF2016.

J2EE session variables are not enabled.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 22, 2018 May 22, 2018

Copy link to clipboard

Copied

Given all that, then the session expiration should indeed be reset EVERY time the person visits a CFM page. There is nothing you should be doing to “make it happen”. The session timeout is not “from their first request”.

So I would think that something else is amiss, and you need to understand that. For instance, perhaps the sessiontimeout is changing in a way you don’t expect.

I’m pretty sure, though, that the session scope has nothing in it that you can look at. I know there have long been undocumented internal java CF objects that tracked info about the session. A challenge with looking at them in the past is that merely trying to look at the info about the “current session” would automatically extend the timeout time, which could then negatively affect what you’re trying to observe. But perhaps Nic or someone else watching may recollect more.

I can’t take the time now to google around to find those for you. Perhaps that will help you, Chris (or some other reader), to start looking.

And you could try to leverage application.cfc and its onsessionend method to track when these timeouts are happening. Of course, that would track EVERY session ending, but you could at least log (or store in a db) info about each session as it ends, so that you could correlate what you’re seeing with what it would be logging. You may find something interesting. And to be clear, that’s an asynchronous process. It’s not something where you can show output to the user. The session ending happens “inside CF” and the method is thrown when it happens (which is why I propose logging or storing info in a DB).

So be careful to turn off such logging or DB writing when done with this analysis, as it could otherwise create a larger repository of info over time.

/charlie


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
May 22, 2018 May 22, 2018

Copy link to clipboard

Copied

Chris,

All of that sounds like it should indeed be keeping your session alive.  The feature I think Charlie is talking about would be to dump out application.getApplicationSettings().  This will give you concrete information about your session settings.  You could also set up some logging in onSessionEnd() in Application.cfc and grab additional details.

-Nic

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
May 23, 2018 May 23, 2018

Copy link to clipboard

Copied

LATEST

Thanks to you both for your responses. Good to know that this is something that should be handled automatically. I'll implement your suggestions and post again if I find a solution.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation