I have an application that at the end of the day 12:00 midnight I need all session.variables to expire and thus force my users to relogin.
WIll this code end all of my user sessions?
<cflock scope="Session" timeout="10" type="exclusive">
The answer is No, that code will not clear all of your sessions, only the current session. To clear all the sessions, you will have to go into some undocumented features of CF to get access to the sessions, also depends if you are using J2EE sessions or CFID/CFTOKEN sessions. A better solution to your specific problem might be to just put a timestamp in your session object, session.dateCreated then in your auth code make sure that dateCreated is the current day.
Weezerboy, your question starts by setting the reader on the wrong foot. To force your users to re-log in, you need not do anything about sessions!
You should have designed login using the cflogin-cfloginuser framework, combined with sessionManagement="yes" and loginStorage="session". To log a user out, it would then have been sufficient to send him to a CFM page containing the code:
Let us suppose, for your purposes, that sessionTimeout is 20 minutes. Then you could add temporary code to your Application file at 23:40 to redirect any requests to the logout page. You should also display a message to the user (perhaps on the logout page), saying that the site is under maintenance till 12:00 midnight. At midnight, remove the temporary code.