4 Replies Latest reply on Jun 29, 2013 1:25 PM by BKBK

    Clear All Session Variables at end of day

    weezerboy Level 1

      I have an application that at the end of the day 12:00 midnight I need all session.variables to expire and thus force my users to relogin.


      WIll this code end all of my user sessions?


      <cflock scope="Session" timeout="10" type="exclusive">

            <cfset structclear(session)>


        • 1. Re: Clear All Session Variables at end of day
          p.sim Level 3

          The answer is Yes.


          I wondered, why you didn't try it? It's a simple code and you could test it by yourself.

          • 2. Re: Clear All Session Variables at end of day
            pete_freitag Adobe Community Professional

            The answer is No, that code will not clear all of your sessions, only the current session.  To clear all the sessions, you will have to go into some undocumented features of CF to get access to the sessions, also depends if you are using J2EE sessions or CFID/CFTOKEN sessions.  A better solution to your specific problem might be to just put a timestamp in your session object, session.dateCreated then in your auth code make sure that dateCreated is the current day.

            • 3. Re: Clear All Session Variables at end of day
              p.sim Level 3

              Peter is correct. It will clear the current session.


              My bad.

              • 4. Re: Clear All Session Variables at end of day
                BKBK Adobe Community Professional & MVP

                Weezerboy, your question starts by setting the reader on the wrong foot. To force your users to re-log in, you need not do anything about sessions!


                You should have designed login using the cflogin-cfloginuser framework, combined with sessionManagement="yes" and loginStorage="session". To log a user out, it would then have been sufficient to send him to a CFM page containing the code:




                Let us suppose, for your purposes, that sessionTimeout is 20 minutes. Then you could add temporary code to your Application file at 23:40 to redirect any requests to the logout page. You should also display a message to the user (perhaps on the logout page), saying that the site is under maintenance till 12:00 midnight. At midnight, remove the temporary code.

                1 person found this helpful