3 Replies Latest reply on Apr 18, 2007 1:09 PM by Kronin555

    Kill session var when multiple browser windows are open?

    sbsmithfl Level 1
      I'm a mid-level DW rpogrammer, and low level CF programmer.

      I am having a problem with automatically killing the session variable upon browser close, IF there are other window open.

      I'm using this in my application.cfm:

      <cfif StructKeyExists(session, "cfid") AND (NOT StructKeyExists(cookie,
      "cfid") OR NOT StructKeyExists(cookie, "cftoken"))>
      <cfcookie name="cfid" value="#session.cfid#" />
      <cfcookie name="cftoken" value="#session.cftoken#" />
      </cfif>


      This seems to kill the session variable when I close the browser window, if it is the only browser window open. If other window are open, the session doesn't get stopped?

      How do I do this??

      So many thanks,
      Stephen
      Tallahassee, FL


        • 1. Re: Kill session var when multiple browser windows are open?
          Level 7
          I am having a problem with automatically killing the session variable
          upon browser close, IF there are other window open.

          Are you sure this is the actual problem? Can you describe exactly what
          you are trying to achieve?

          I ask because there is a common misunderstanding on how session data on
          the server and the cfide/cftoken cookies on the client work. If you
          have the cookies set as per-session that are lost when a browser is
          closed, this does not actually delete any data on the server. It just
          prevents that client from ever accessing the data again. The server
          does not know the client has been closed and the cookies deleted. The
          client does not provide this information to the server. So all the
          server can do is wait for the designated timeout period to see if the
          session data will be requested again with the correct id & token, then
          it will delete the data.

          On the other hand, if you are actually asking how per-session cookies
          behave when browsers have multiple windows|tabs open. That I can not
          speak to, but I would imagine that it could be significantly different
          from browser to browser.



          • 2. Re: Kill session var when multiple browser windows are open?
            Level 7

            technically, the session does not "die" even after you close the browser
            window. the session only dies after it times out after the set timeout
            period of no activity (set either in cf admin or in sessiontimeout
            attribute of <cfapplication> in application.cfm or this.sessiontimeout
            in application.cfc. even if you close all browser windows, the original
            session will continue living until it times out.

            even if you have other browser windows open, and you wait until the
            session timeout, the session will expire.

            --
            Azadi Saryev
            Sabai-dee.com
            Vientiane, Laos
            http://www.sabai-dee.com
            • 3. Re: Kill session var when multiple browser windows are open?
              Kronin555 Level 1
              The problem is with transient cookies. Transient cookies are cookies that are deleted when the browser is closed (and are what are sent when you use J2EE session management or the cfcookie tags you specify). Closing a window of the browser without quitting the program doesn't trigger the deletion of the transient cookies (because the browser itself is still open), therefore you can go back to the site that you think your session is deactivated, when in fact it's still alive and well (assuming you go back before the session timeout period passes).

              The other posts regarding session timeout are 100% correct. The browser doesn't notify the server when it closes, so the server still needs to wait for the session to timeout prior to deleting any session variables.

              The only way around this would be to only use URL variables to track the session, not cookies.