End active session on server

New Here ,
Apr 27, 2017 Apr 27, 2017

Copy link to clipboard

Copied

Hi ,

Is there way to end session on server.

I tried various ways like

1. <cfset StructClear(Session)>

2. <cfset getPageContext().getSession().invalidate()>

3. <cfset this.sessionTimeout = createTimeSpan( 0, 0, 0, 1 ) />

But None seems to removing entries from Active session list.

image.JPG

Am i Missing something?

Views

2.2K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 30, 2017 Apr 30, 2017

Copy link to clipboard

Copied

Am i Missing something?

No, you are missing nothing.

StructClear(Session)

This clears the session structure, but does not end the session. Suppose you had defined key-value pairs in the session, such as,

session.x = 1;

session.y = "some string";

Then the structClear function deletes the key-value pairs (x,1) and (y, "some string") from the session struct. Thus, after you run structClear, structKeyExists(session, "x") and structKeyExists(session, "y") will be false. But the session will remain active.

getPageContext().getSession().invalidate()

This invalidates a J2EE session. I do believe this has the effect you want, as it will end the current session and start a new one the next time the user visits. But then, it applies to a J2EE session, not to a ColdFusion session.

For this to be effective, you had to have switched on J2EE sessions in the ColdFusion Administrator. If you hadn't, then the ColdFusion session would remain active after this line of code.

The corresponding code for the ColdFusion session is: sessionInvalidate()

this.sessionTimeout = createTimeSpan( 0, 0, 0, 1 )

In older versions of ColdFusion, it was possible to end a session by changing the timeout to this.sessionTimeout = createTimeSpan( 0, 0, 0, 0 ) or this.sessionTimeout = createTimeSpan( 0, 0, 0, 1 ). However, that is undocumented practice. In other words, it was just a quirk in the language, which happened to work by chance, not a recommendation. In fact, it is bad practice, as we shall see in a moment.

A related, and documented, way to end sessions is to expire the session cookies. In the following example, the user will get a new session the next time he or she visits.

<cfcookie name="CFID" value="" expires="now">

<cfcookie name="CFTOKEN" value="" expires="now">

Each of the above methods affects every user that visits the page. However, there is hardly ever a use case requiring that you end all user sessions manually.

Use cases will usually require you to delete the variables stored in a specific session. They will also require you to do so in a targeted manner. For example, by ID or by means of user-specific code such as

<cfif not isLoggedIn>

<cfset structClear(session)>

<cfcookie name="CFID" value="" expires="now">

<cfcookie name="CFTOKEN" value="" expires="now">

</cfif>

<cfif not isLegalUser>

<cfset sessionInvalidate()>

</cfif>

No application server, including ColdFusion, expects you to end sessions manually. The reason is simple. The server holds sessions in memory and is designed to take care of its own session management itself.

When the server creates user sessions, it gives each an ID and an idle-time-to-live, its timeout. The server's session management then keeps track of each individual session.

If the user is inactive for a period of time exceeding the sessionTimeout, the server will end the session whose ID corresponds to the user. There then follows the process of deleting the session and removing it from memory.

If you end sessions manually it will affect these memory processes and may lead to inefficiency.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 30, 2017 Apr 30, 2017

Copy link to clipboard

Copied

Turn on J2EE session variables. Once the browser (client) is closed the session is terminated. Otherwise <cfscript>StructClear(session.Whatever)</cfscript> to do it manually.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 30, 2017 Apr 30, 2017

Copy link to clipboard

Copied

With J2EE session vars enables you also negate the need to pass CFID/CFTOKEN to pages. Best thing ever. Damon pretty much came up with the idea of building ColdFusion as a Java application whilst on a plane. He no longer works for Macromedia/Adobe sadly.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 30, 2017 Apr 30, 2017

Copy link to clipboard

Copied

The result was ColdFusion MX - the first version of CF available on non-Windows platform - because you know - JAVA.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Apr 30, 2017 Apr 30, 2017

Copy link to clipboard

Copied

LATEST

Damon Cooper was his name. A kick arse Java engineer.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines