How do I clear all session variables once browser is closed.

You may refer to this site http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20114864.html.

Since, this is similar or related to your posted problem but it's not my answer.

I do hope that I have helped you find a solution.

GOODLUCK!

Entrance2002 :)

NETUSER1976:

Where do I add "<cfset tmp=StructClear(Session)>" into my code, as this will clear all of variables a soon as it is issued, won't it. I only want the session variables to be cleared after the browser is closed.

Entrance2002:

Thanks for that link, but it seems to be for session cookies. I'm not using cookies.

u can include something like this in the onlogout.cfm page, or however u are handling the      logout ooperation..

<cfscript>
if (isdefined("session.sessionVar1"))
      {
            structdelete(Session, "sessionVar1");
      }
      
// list all the session variables here
</cfscript>


having said this i am sure most of the guys here will agree with me that the user will never ever hit the logout link, but would rather hit the close window X. so, u may want to optimise the location and instance where u want to call this session clearing script...

typically, i check for the session varauble, if found all is ok, else, i re-route the user back to the login page and before he logs in, i will clear all the session variables, just as a good housekeeping practise..

cheers
-r

raj_

Thanks for your reply.

The problem that I am having is that users are logging in and then when they are finished they are not logging out they are just hitting the 'X', so when another user comes along and goes into the same site the previous person is still logged in, which is a security risk.

So how do I go about clearing the session variables once the browser window has been closed, because if I add a script which checks if the variables exist, how do I know if the variables are from the new users session or the old users session ???

Thanks

well, if all u have is a single window application, where u do not do any fancy pop-ups etc, try using the onunload() function.. this gets called everytime a window gets closed... this can be used to call a clearSessionVariableds.cfm template which can do the clean up.. or try the onRequestEnd.cfm.. this is the last file which gets called (has some limitations)

cheers
-r

raj_

I can't use th OnRequestEnd.cfm file as the limitations it has will get in the way and won't work, and I am not too good with Javascript so if you could show me how to use the onUnload() function to load a CFM template, I would be very greatful. Please make sure that the template is run in the background and not opened in a new window.

Many Thanks.

hmm.. i have never tired using this.. hence UNTESTED ;-)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
      <title>Untitled</title>
<script>
      function foobar()
      {
            document.all.cleaner.src='cleanUpMySessionVars.cfm';
      }
</script>
</head>

<body onunload="foobar()">
      my page comes here !!!
      
      <!--- use a iframe for executing the session cleaner script--->
      <iframe name="cleaner" id="cleaner" width="95%" height="650" frameborder="0" style="display: none"> </iframe>
      
</body>
</html>

_raj,

I just get a 'Object Expected' error in IE.

P.S What the hell is a iframe ?

lol.. iframe or inline frame is a blessing to do some cool things in IE.. think of them as the good ol frames, but a floating version..
i may be wrong with the name resolution "document.all.cleaner.src".. I will try and see where i am screwing up..

the page in simple english being:

1) <body onunload="foobar()"> :: this unload method will be called when the page is closed.. this way the function foobar() gets called
2) function foobar, will run a page called as cleanUpMySessionVars.cfm, which u have, which basically is a series of
<cfscript>
if (isdefined("session.sessionVar1"))
    {
         structdelete(Session, "sessionVar1");
    }
   
// list all the session variables here
</cfscript>
for all the session variables used
3) the iframe acts like a container which is used to run the file..

cheers
-r

i guess i must have succeeded in shooting myself in the foot..  on deeper thought,. this may have to be modified.. the function foobar() actually needs to open a small window on the extreme left or wherever, basically away from the users sight (or viewing scope).. this will then run the clear session variables page which u have..

the reason for this being (i may be wrong) is that on the onunload method being called, the connection between the server and client is lost and hence u cannot execute the clear session page inside the iframe..

cheers
-r

ok after a quick lunch, blood flows back to the cranium and things fall in place..

let me give u a small insight as to how the session variables are stored (i am sure u must be aware of this).. sessions like many other variables are stored in structures in coldfusion, this structure is identified by the structid which is a combination of the cfid and cftoken, which are unique for each browser, hence each user using different browser has his own copy of the session variables..
now the cfid and cftoken are stored in cookies and hence if u delete the cookies or expire them, u should be fine..

try this..
1) login to ur app
2) close the brower window
3) reopen the app immediately, u will bypass the login page - as the sessions are alive..
now
5) close the app window
6) open the D:\Documents and Settings\Cookies directory or wherever the cookies are stored on ur PC, identify the one which is created by ur app
delete that cookie
7) reopen the app, it wil make u to re-login. in this case the session is still alive, ad will be till it times out, but the browser is unable to identify which structure to use.

so, try expiring the cookie, using the a function called from the  onUnload method and u should be able to get the desired result..

cheers
-r

_raj,

Hope you enjoyed lunch, because this is looking to be a long day ;)

Right, I know what you're getting at but i am not using COOKIES so there ain't any to delete.

So the scenario is still the same, sorry !

Back to you mate... ;)

you can't do what you are trying.  there is no "onwindowclose" event, and for good reason- if someone wanted you to never be able to close a window, they could do that.  in fact, i don't even like the idea of the onunload event, because they can do the same thing if they want, but opening thier page in a new window.

the best you can do is use the onUnload event to call a page to expire the session, but then pass the userinfo to the new page (in case it is in your site) to make the user "relogin".  if they closed the window, they won't login again.  if they went to another site, they won't log in again.  this still gives the problem that you are potentially passing info to other sites.

if you were using cookies, you could just leave off the expires property of the cookie, and it would delete itself when the browser closed.  but you would still have the problem of if they leave the site and don't logout, someone else on the same machine can go back and be logged in.

if the onunload doesn't work for you, i think you're sol.   if the data is so sensitive that this is an absolute neccesity, you would hope the people who are using it know the sensitivity of the data, and aren't enough of an idiot to log on at the local library and leave the nation's most top secret documents related to nuclear arms open for the world to see.  if they do wish to be that insecure with thier own data, then you would hope they would just spend the money to create a technology and an application that does what they are looking for.

if the onunload event is what you're looking for, you'd need to do something like:

application.cfm:

if isdefined("form.login") and cgi.http_referrer is something from yoursite
   attempt to authenitcate user
if user is not authenticated, <cfabort>
else continue as normal


every other page:
<script>
function logoutandlogin()
{
location.href('logout.cfm?gourl='+hide.innerHTML);
}
</script>

<body onunload="loginandlogout();">
<div name="hide" id="hide">
 
</div>

and every link should look like:
<a href="#" onclick="hide.innerHTML='test.cfm';logoutandlogin();">click here</a>

with test.cfm replaced as the url to where you want the link to go.



on logout.cfm:

set temp variables of the session
expire the session
create and post a form (using formname.submit();) with the temp variables to the page #url.gourl#

application.cfm will then log them in again.

note that certain versions of netscape will not allow you to autopost a form like that, so you might just use <cflocation>

also, besure to check if #gourl# is defined... this also will not allow them to visit other sites in this window. (since the onunload will call your function)

also, i've read that onunload only works in IE, though i have not tested it myself.

Right,

Well it looks like the Unload() option is a last resource, it's going to be a pain in the arse :-)

If you don't mind, how do i do the following:

//-->
Using cookies in the same way as the session variables;
To check if cookies are enabled;
Make cookies expire when browser is closed;
Make cookies never expire;

Also in the new IE browsers if you try using cookies, a browser with standard security will block my cookies because as they don't have a privacy policy, how do I go about that ??

Many Thanks.

Thanks iwords, it worked a treat !

i thought you weren't using cookies?