Is this possible.? 2 part question.

Posted on 2002-03-12
Last Modified: 2013-12-24
I would like to know of what is the possibility that once the sesion is over that a page would come up giving my user the opportunity to do one of two things
1.  exit the application


2. log back in.

this I would like if it could happen automatically.  I was thinking of trying it using a meta refresh but that would not be a true end of session it would just be like a page timer.  

I would like this to happen when there is a specific time span of imobility or actions during the session.

ie my session is set to #createtimespan(0,0,45,0).
so my user once that 45min session is over then they would have a page come up letting them know that the session is about to expire and they would in return have the choice of either closing out of the session or logging back in.

now within my loggin app I would like it after a successful login for it to take my user back to where their session had ended with out losing any work that was done?

any help is greatly appreciated. :)
Question by:jriver12
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +1
LVL 19

Expert Comment

ID: 6856933
this would not be possible b/c you need some thing triggered from the client side.

A meta refresh will keep resetting the session so it won't time out.. if the user has timed out and they click on any link or hit reload you should just redirect to the login page.

But pass the current requested URL as a parameter in your redirect so you can send them to their original request after they login.


Expert Comment

ID: 6858282
I believe this can be done.  I get an alert message from my online bank after 'X' minutes of inactivity that my session is going to expire and I am prompted to continue or quit.

Your question is one that deserves an answer, which I don't have.  I do have a couple of ideas, though, however elementary or misdirected they might be.

The server knows when to expire a session variable based on the settings in your APPLICATION.CFM and CF Server settings.  There has to be some kind of timestamp that gets refreshed each time a user/session id is submitted to the server.  Find this timestamp and you'll find your solution.  This solution may not be available via CF, so maybe Java, C, or ? would allow you to find a solution.

If this cannot be done, then a work-around could be to create your own timestamp refresh using Client variables or a database table. Where you update the user/session id timestamp each time a user requests a page.  Meanwhile, you need to have another CF page (scheduled to run every 60 seconds +/-) to compare all current user/session ids with this timestamp.  I believe I've seen a custom tag in the Developers Exchange that grabs all of the current user/session ids (I could be wrong as 'Old-Timers' disease is setting fast!).

I know I haven't given you much specific direction but maybe my vague ideas will help you find what you are looking for.

Expert Comment

ID: 6858708
Simply put some code either in the Application.cfm or at the top of the templates that require login that check for the session variable.

An example:

<CFIF NOT IsDefined('session.loggedin')>
   <CFLOCATION URL="login.cfm?referer=#thispage#">

On login.cfm you have the normal login page as well as a link that has HREF="javascript:self.close();"
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.


Author Comment

ID: 6858731

thanks for the insight and I will look into those possibilities,  but for future ref.

please let me decide if your comment is my answer,for now the question is locked and not that many experts jump into locked questions.

thanks again for the insight.

Expert Comment

ID: 6858802
OK.. Try this...

     var aTimer;
     function aReload() {
          var login = confirm('Do you want to close your browser?')
          if (!login) {
          else {
          function startReload() {
               aTimer = setTimeout("aReload()", 5000);
          function stopReload() {

<BODY onLoad="startReload();">
LVL 19

Expert Comment

ID: 6861195
Dawesi: Please STOP posting answers (it locks up a question).. you are suggesting solutions and they are NOT 110% the absolute answer.  It is an EE norm to post comments and allow the question asker to decide which expert helped the most.  Please read the bottom of this page for guidelines.

Also when you lock down a question it recieve less participation from other experts and that prevents the question asker from getting the most participation.

LVL 19

Expert Comment

ID: 6861204
jriver12: You may have to keep track of session timeouts separately than what defaults in CF and that might solve your problem.

Maybe placing a timestamp in a cookie.

Using meta refresh.. but updating the cookie only when user interaction is involved.. meta refresh can detect if the cookie's timestamp has expired or not.


Author Comment

ID: 6861418

please stop locking this question.

I have tried all of your suggestions and they are not quite what I am trying to accomplish.

your js is a nice idea but it just resets itself after a period of time.


your Idea sounds interesting but I don't feel that I have enough knowledge to even attempt "Using meta refresh.. but updating the cookie only when user interaction is involved.. meta refresh can
detect if the cookie's timestamp has expired or not"

can you maybe explain how that is done in a lil more detail.??

LVL 19

Expert Comment

ID: 6861450

Now when a user logs in.. set a cookie using CFCOOKIE tag:
** Either a session only cookie with a timestamp value of of 30 mins from current time (or whatever your session timeout is)
** OR set the expiration time of the cookie to 30 minutes (or whatever your session timeout is) from current time.

All pages will update this cookie (whether it be its value or expiration time) when the user accesses a page UNLESS there is a refresh=1 parameter.

Your meta refresh tag will put this refresh=1 parameter in the URL to indicate that the page was reloaded by the meta refresh not by a user click.

If the cookie has expired/doesn't exist the user's session has truly timed out.


Author Comment

ID: 6864281

I think I understand the cookie portion

<cfcookie name="CheckRefresh" value="#Session.SesionID" expires="#CreateTimeSpan(0,0,30,0)#">

but the portion of the meta refresh, would I be using standard <meta http-equiv="Refresh" content="30">
or do I now have to create a URL variable that would be passed throughout all of my pages?.
LVL 19

Accepted Solution

cheekycj earned 150 total points
ID: 6864766
something like this on every page (you should use a file include)

     <cfset VARIABLES.queryString = "?refresh=1">
     <cfset VARIABLES.queryString = "?refresh=1&#CGI.QUERY_STRING#">

<cflock timeout="30" throwontimeout="No" type="READONLY" scope="SESSION">
     <cfif IsDefined("URL.refresh") AND URL.refresh EQ 1>
          <CFIF IsDefined("COOKIE.CheckRefresh") AND NOT IsDefined("SESSION.SessionID") AND COOKIE.CheckRefresh NEQ SESSION.SessionID>
              <cflocation url="yourLoginPage.cfm">
          <cfcookie name="CheckRefresh" value="#Session.SessionID" expires="#CreateTimeSpan(0,0,30,0)#">



Author Comment

ID: 6865628
thanks again cj
LVL 19

Expert Comment

ID: 6865895
no prob. Thanx for the "A"


Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity Hosting Plan security, reliable, stable 1 85
Intranet Solution - Sharepoint Foundation or up 4 69
PHP Register global 21 118
DNS @ Naked Domain Record 5 132
A web service ( is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question