Is this possible.? 2 part question.

I would like to know of what is the possibility that once the sesion is over that a page would come up giving my user the opportunity to do one of two things
1.  exit the application


2. log back in.

this I would like if it could happen automatically.  I was thinking of trying it using a meta refresh but that would not be a true end of session it would just be like a page timer.  

I would like this to happen when there is a specific time span of imobility or actions during the session.

ie my session is set to #createtimespan(0,0,45,0).
so my user once that 45min session is over then they would have a page come up letting them know that the session is about to expire and they would in return have the choice of either closing out of the session or logging back in.

now within my loggin app I would like it after a successful login for it to take my user back to where their session had ended with out losing any work that was done?

any help is greatly appreciated. :)
Who is Participating?
something like this on every page (you should use a file include)

     <cfset VARIABLES.queryString = "?refresh=1">
     <cfset VARIABLES.queryString = "?refresh=1&#CGI.QUERY_STRING#">

<cflock timeout="30" throwontimeout="No" type="READONLY" scope="SESSION">
     <cfif IsDefined("URL.refresh") AND URL.refresh EQ 1>
          <CFIF IsDefined("COOKIE.CheckRefresh") AND NOT IsDefined("SESSION.SessionID") AND COOKIE.CheckRefresh NEQ SESSION.SessionID>
              <cflocation url="yourLoginPage.cfm">
          <cfcookie name="CheckRefresh" value="#Session.SessionID" expires="#CreateTimeSpan(0,0,30,0)#">


this would not be possible b/c you need some thing triggered from the client side.

A meta refresh will keep resetting the session so it won't time out.. if the user has timed out and they click on any link or hit reload you should just redirect to the login page.

But pass the current requested URL as a parameter in your redirect so you can send them to their original request after they login.

I believe this can be done.  I get an alert message from my online bank after 'X' minutes of inactivity that my session is going to expire and I am prompted to continue or quit.

Your question is one that deserves an answer, which I don't have.  I do have a couple of ideas, though, however elementary or misdirected they might be.

The server knows when to expire a session variable based on the settings in your APPLICATION.CFM and CF Server settings.  There has to be some kind of timestamp that gets refreshed each time a user/session id is submitted to the server.  Find this timestamp and you'll find your solution.  This solution may not be available via CF, so maybe Java, C, or ? would allow you to find a solution.

If this cannot be done, then a work-around could be to create your own timestamp refresh using Client variables or a database table. Where you update the user/session id timestamp each time a user requests a page.  Meanwhile, you need to have another CF page (scheduled to run every 60 seconds +/-) to compare all current user/session ids with this timestamp.  I believe I've seen a custom tag in the Developers Exchange that grabs all of the current user/session ids (I could be wrong as 'Old-Timers' disease is setting fast!).

I know I haven't given you much specific direction but maybe my vague ideas will help you find what you are looking for.
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Simply put some code either in the Application.cfm or at the top of the templates that require login that check for the session variable.

An example:

<CFIF NOT IsDefined('session.loggedin')>
   <CFLOCATION URL="login.cfm?referer=#thispage#">

On login.cfm you have the normal login page as well as a link that has HREF="javascript:self.close();"
jriver12Author Commented:

thanks for the insight and I will look into those possibilities,  but for future ref.

please let me decide if your comment is my answer,for now the question is locked and not that many experts jump into locked questions.

thanks again for the insight.
OK.. Try this...

     var aTimer;
     function aReload() {
          var login = confirm('Do you want to close your browser?')
          if (!login) {
          else {
          function startReload() {
               aTimer = setTimeout("aReload()", 5000);
          function stopReload() {

<BODY onLoad="startReload();">
Dawesi: Please STOP posting answers (it locks up a question).. you are suggesting solutions and they are NOT 110% the absolute answer.  It is an EE norm to post comments and allow the question asker to decide which expert helped the most.  Please read the bottom of this page for guidelines.

Also when you lock down a question it recieve less participation from other experts and that prevents the question asker from getting the most participation.

jriver12: You may have to keep track of session timeouts separately than what defaults in CF and that might solve your problem.

Maybe placing a timestamp in a cookie.

Using meta refresh.. but updating the cookie only when user interaction is involved.. meta refresh can detect if the cookie's timestamp has expired or not.

jriver12Author Commented:

please stop locking this question.

I have tried all of your suggestions and they are not quite what I am trying to accomplish.

your js is a nice idea but it just resets itself after a period of time.


your Idea sounds interesting but I don't feel that I have enough knowledge to even attempt "Using meta refresh.. but updating the cookie only when user interaction is involved.. meta refresh can
detect if the cookie's timestamp has expired or not"

can you maybe explain how that is done in a lil more detail.??


Now when a user logs in.. set a cookie using CFCOOKIE tag:
** Either a session only cookie with a timestamp value of of 30 mins from current time (or whatever your session timeout is)
** OR set the expiration time of the cookie to 30 minutes (or whatever your session timeout is) from current time.

All pages will update this cookie (whether it be its value or expiration time) when the user accesses a page UNLESS there is a refresh=1 parameter.

Your meta refresh tag will put this refresh=1 parameter in the URL to indicate that the page was reloaded by the meta refresh not by a user click.

If the cookie has expired/doesn't exist the user's session has truly timed out.

jriver12Author Commented:

I think I understand the cookie portion

<cfcookie name="CheckRefresh" value="#Session.SesionID" expires="#CreateTimeSpan(0,0,30,0)#">

but the portion of the meta refresh, would I be using standard <meta http-equiv="Refresh" content="30">
or do I now have to create a URL variable that would be passed throughout all of my pages?.
jriver12Author Commented:
thanks again cj
no prob. Thanx for the "A"

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.