Skip navigation
Currently Being Moderated

Clear All Session Variables at end of day

Jun 25, 2013 1:52 PM

Tags: #session #variables #cf9

I have an application that at the end of the day 12:00 midnight I need all session.variables to expire and thus force my users to relogin.

 

WIll this code end all of my user sessions?

 

<cflock scope="Session" timeout="10" type="exclusive">

      <cfset structclear(session)>

</cflock>

 
Replies
  • Currently Being Moderated
    Jun 27, 2013 8:46 PM   in reply to weezerboy

    The answer is Yes.

     

    I wondered, why you didn't try it? It's a simple code and you could test it by yourself.

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 28, 2013 10:03 AM   in reply to p.sim

    The answer is No, that code will not clear all of your sessions, only the current session.  To clear all the sessions, you will have to go into some undocumented features of CF to get access to the sessions, also depends if you are using J2EE sessions or CFID/CFTOKEN sessions.  A better solution to your specific problem might be to just put a timestamp in your session object, session.dateCreated then in your auth code make sure that dateCreated is the current day.

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 28, 2013 10:10 AM   in reply to Peter Freitag

    Peter is correct. It will clear the current session.

     

    My bad.

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 29, 2013 1:25 PM   in reply to weezerboy

    Weezerboy, your question starts by setting the reader on the wrong foot. To force your users to re-log in, you need not do anything about sessions!

     

    You should have designed login using the cflogin-cfloginuser framework, combined with sessionManagement="yes" and loginStorage="session". To log a user out, it would then have been sufficient to send him to a CFM page containing the code:

     

    <cflogout>

     

    Let us suppose, for your purposes, that sessionTimeout is 20 minutes. Then you could add temporary code to your Application file at 23:40 to redirect any requests to the logout page. You should also display a message to the user (perhaps on the logout page), saying that the site is under maintenance till 12:00 midnight. At midnight, remove the temporary code.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points