Martin,
Your code example cannot work because the "session" scope
doesn't exist until your application scope is defined. So you have
to handle this manually. Here's how you can get it done. First,
define your application to the maximum sessiontimeout you want to
have.
<CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
Then, I don't know how you are doing your login
authentication but when you have authenticated the user, you need
to define the userid and the most recent activity in the session.
Also determine your timeout value based on the userid. See example:
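<CFIF IS_AUTHENTICATED>
    <!--- store the user id under the same key ("id") that the checks below read --->
    <CFSET session.user.id = form.userid>
    <CFSET session.user.most_recent_activity = now()>
    <!--- idle timeout in minutes, chosen per user --->
    <CFIF session.user.id eq 1>
        <CFSET session.user.timeout_mins = 20>
    <CFELSE>
        <CFSET session.user.timeout_mins = 1440>
    </CFIF>
</CFIF>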
Now, all you have to do is check whether the user has been
idle for too long and kill the session by purging all session
variables. For example:
<!--- if user id is defined, this means user is logged in --->
<CFIF structKeyExists(session, "user") and structKeyExists(session.user, "id")>
    <!--- check if timeout has expired --->
    <CFIF datediff("n", session.user.most_recent_activity, now()) gt session.user.timeout_mins>
        <!--- timeout has expired, kill the session and log the user out --->
        <CFSET StructClear(session)>
        <!--- insert your logout code here --->
    <CFELSE>
        <!--- user hasn't timed out, so reset the most recent activity to now --->
        <CFSET session.user.most_recent_activity = now()>
    </CFIF>
</CFIF>