Is this possible.? 2 part question.

Posted on 2002-03-12
Last Modified: 2013-12-24
I would like to know of what is the possibility that once the sesion is over that a page would come up giving my user the opportunity to do one of two things
1.  exit the application


2. log back in.

this I would like if it could happen automatically.  I was thinking of trying it using a meta refresh but that would not be a true end of session it would just be like a page timer.  

I would like this to happen when there is a specific time span of imobility or actions during the session.

ie my session is set to #createtimespan(0,0,45,0).
so my user once that 45min session is over then they would have a page come up letting them know that the session is about to expire and they would in return have the choice of either closing out of the session or logging back in.

now within my loggin app I would like it after a successful login for it to take my user back to where their session had ended with out losing any work that was done?

any help is greatly appreciated. :)
Question by:jriver12
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +1
LVL 19

Expert Comment

ID: 6856933
this would not be possible b/c you need some thing triggered from the client side.

A meta refresh will keep resetting the session so it won't time out.. if the user has timed out and they click on any link or hit reload you should just redirect to the login page.

But pass the current requested URL as a parameter in your redirect so you can send them to their original request after they login.


Expert Comment

ID: 6858282
I believe this can be done.  I get an alert message from my online bank after 'X' minutes of inactivity that my session is going to expire and I am prompted to continue or quit.

Your question is one that deserves an answer, which I don't have.  I do have a couple of ideas, though, however elementary or misdirected they might be.

The server knows when to expire a session variable based on the settings in your APPLICATION.CFM and CF Server settings.  There has to be some kind of timestamp that gets refreshed each time a user/session id is submitted to the server.  Find this timestamp and you'll find your solution.  This solution may not be available via CF, so maybe Java, C, or ? would allow you to find a solution.

If this cannot be done, then a work-around could be to create your own timestamp refresh using Client variables or a database table. Where you update the user/session id timestamp each time a user requests a page.  Meanwhile, you need to have another CF page (scheduled to run every 60 seconds +/-) to compare all current user/session ids with this timestamp.  I believe I've seen a custom tag in the Developers Exchange that grabs all of the current user/session ids (I could be wrong as 'Old-Timers' disease is setting fast!).

I know I haven't given you much specific direction but maybe my vague ideas will help you find what you are looking for.

Expert Comment

ID: 6858708
Simply put some code either in the Application.cfm or at the top of the templates that require login that check for the session variable.

An example:

<CFIF NOT IsDefined('session.loggedin')>
   <CFLOCATION URL="login.cfm?referer=#thispage#">

On login.cfm you have the normal login page as well as a link that has HREF="javascript:self.close();"
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users


Author Comment

ID: 6858731

thanks for the insight and I will look into those possibilities,  but for future ref.

please let me decide if your comment is my answer,for now the question is locked and not that many experts jump into locked questions.

thanks again for the insight.

Expert Comment

ID: 6858802
OK.. Try this...

     var aTimer;
     function aReload() {
          var login = confirm('Do you want to close your browser?')
          if (!login) {
          else {
          function startReload() {
               aTimer = setTimeout("aReload()", 5000);
          function stopReload() {

<BODY onLoad="startReload();">
LVL 19

Expert Comment

ID: 6861195
Dawesi: Please STOP posting answers (it locks up a question).. you are suggesting solutions and they are NOT 110% the absolute answer.  It is an EE norm to post comments and allow the question asker to decide which expert helped the most.  Please read the bottom of this page for guidelines.

Also when you lock down a question it recieve less participation from other experts and that prevents the question asker from getting the most participation.

LVL 19

Expert Comment

ID: 6861204
jriver12: You may have to keep track of session timeouts separately than what defaults in CF and that might solve your problem.

Maybe placing a timestamp in a cookie.

Using meta refresh.. but updating the cookie only when user interaction is involved.. meta refresh can detect if the cookie's timestamp has expired or not.


Author Comment

ID: 6861418

please stop locking this question.

I have tried all of your suggestions and they are not quite what I am trying to accomplish.

your js is a nice idea but it just resets itself after a period of time.


your Idea sounds interesting but I don't feel that I have enough knowledge to even attempt "Using meta refresh.. but updating the cookie only when user interaction is involved.. meta refresh can
detect if the cookie's timestamp has expired or not"

can you maybe explain how that is done in a lil more detail.??

LVL 19

Expert Comment

ID: 6861450

Now when a user logs in.. set a cookie using CFCOOKIE tag:
** Either a session only cookie with a timestamp value of of 30 mins from current time (or whatever your session timeout is)
** OR set the expiration time of the cookie to 30 minutes (or whatever your session timeout is) from current time.

All pages will update this cookie (whether it be its value or expiration time) when the user accesses a page UNLESS there is a refresh=1 parameter.

Your meta refresh tag will put this refresh=1 parameter in the URL to indicate that the page was reloaded by the meta refresh not by a user click.

If the cookie has expired/doesn't exist the user's session has truly timed out.


Author Comment

ID: 6864281

I think I understand the cookie portion

<cfcookie name="CheckRefresh" value="#Session.SesionID" expires="#CreateTimeSpan(0,0,30,0)#">

but the portion of the meta refresh, would I be using standard <meta http-equiv="Refresh" content="30">
or do I now have to create a URL variable that would be passed throughout all of my pages?.
LVL 19

Accepted Solution

cheekycj earned 150 total points
ID: 6864766
something like this on every page (you should use a file include)

     <cfset VARIABLES.queryString = "?refresh=1">
     <cfset VARIABLES.queryString = "?refresh=1&#CGI.QUERY_STRING#">

<cflock timeout="30" throwontimeout="No" type="READONLY" scope="SESSION">
     <cfif IsDefined("URL.refresh") AND URL.refresh EQ 1>
          <CFIF IsDefined("COOKIE.CheckRefresh") AND NOT IsDefined("SESSION.SessionID") AND COOKIE.CheckRefresh NEQ SESSION.SessionID>
              <cflocation url="yourLoginPage.cfm">
          <cfcookie name="CheckRefresh" value="#Session.SessionID" expires="#CreateTimeSpan(0,0,30,0)#">



Author Comment

ID: 6865628
thanks again cj
LVL 19

Expert Comment

ID: 6865895
no prob. Thanx for the "A"


Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question