Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 894
  • Last Modified:

I would like to delete an entire session. Cflogout simply ends the session, but the variables remain on the server.

Here is my code I am using to view active sessions (basically shows a table of all users currently logged in)

<!--- Dump all session scopes --->
      <table width="95%" align="center" cellspacing="0" cellpadding="0" bgcolor="#EBE9E9">
            <TR bgcolor="#999999">
                  <TD align="left" valign="top"><img src="../images/topleft.gif"></TD>
                  <TD colspan="5" align="center"><B>Currently Logged In Users</B>&nbsp;<I>(Click to log user out)</I></TD>
                  <td align="right" valign="top"><img src="../images/topright.gif"></td>
            </TR>
            <TR>
                  <TD>&nbsp;</TD>
                  <TD><B>Cust Code</B></TD>
                  <TD><B>User Name</B></TD>
                  <TD><B>Real Name</B></TD>
                  <TD><B>Login Date</B></TD>
                  <TD><B>IP</B></TD>
                  <TD>&nbsp;</TD>
            </TR>
      
      <cfscript>
      session.test = true;
      tracker = createObject("java", "coldfusion.runtime.SessionTracker");
      mySession = tracker.getSessionCollection( application.applicationName );
      
      for (keyname in mySession) {
         WriteOutput("<TR onclick=""parent.Action.location.href = 'action.cfm?ToDo=KillSession&Session=" & keyname & "';"" onMouseover=""this.style.backgroundColor='##FF9999';"" onMouseout=""this.style.backgroundColor='##EBE9E9';"" style=""cursor:pointer; background-color : ##EBE9E9;""><TD>&nbsp;</TD><TD>" & mySession[keyname].custcode & "</TD><TD>" & mySession[keyname].username & "</TD><TD>" & mySession[keyname].name & "</TD><TD>" & DateFormat(mySession[keyname].lastlogin, "MM/DD/YYYY") & "&nbsp;" & TimeFormat(mySession[keyname].lastlogin, "HH:MM") & "</TD><TD>" & mySession[keyname].ip & "</TD><TD>&nbsp;</TD></TR>");
      }
      </cfscript>
      </table>


On my page action.cfm, for the ToDo='KillSession', I want to be able to delete the entire structure for the given users session.

My application name is 'Secure', and the key looks like this:   secure_84301870811097497028343


My current code looks like this:  But it appears to do nothing at all, not even error out:

                <cfcase value="KillSession">
                  Deleting session <cfoutput>#URL.Session#</cfoutput><BR><cfflush>
                  
                  <cfset a = StructDelete(session, URL.Session)>
                  Done.<cfflush>
            </cfcase>

Can anyone tell me what I am doing wrong???
0
JUSTICE
Asked:
JUSTICE
  • 3
  • 3
  • 3
2 Solutions
 
pinaldaveCommented:
use
                <cfset a = StructDelete(session, URL.Session)>
instead of
use
Structclear( URL.Session)
Regards,
---Pinal
0
 
JUSTICEAuthor Commented:
When I do a StructClear, as it says on Livedocs, it leaves a structure out there with the session key, and it has no variables.  Then, when I try to display all sessions, it errors because the Username variable no longer exists.  How do I delete the root structure / key??
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
CFDevHeadCommented:
Are you trying to delete the users current session?
If so I don't think you can do that.

if not and you are just trying to delete a reg. session this should be fine

secure_84301870811097497028343
<cfscript>
StructDelete(session, 'secure_84301870811097497028343');
</cfscript>
if secure_84301870811097497028343 is also a struct I have found that you need to delete the keys out secure_84301870811097497028343 before deleting secure_84301870811097497028343 out of session
<cfscript>
StructDelete(session.secure_84301870811097497028343, 'cfide');
</cfscript>
0
 
JUSTICEAuthor Commented:
Yes, basically I am trying to force a cflogout for a given user.  

Is there any way to <cflogout> for a passed user name?
0
 
CFDevHeadCommented:
I am sorry.  But did you say yes to this question "Are you trying to delete the users current session?"
if so I should explained a little more

Are you trying to delete the users current session that COldFusion assigns to the user?
If so you can not do this while they are still on a cfm page on your site.
0
 
JUSTICEAuthor Commented:
OK, I think I am just going to add a bit to my application page that will check a SQL flag.

If set to 1, then do a <cflogout> and re-set flag to 0.

Its a bit more of a pain, but it should work. :)

Thanks all!
0
 
CFDevHeadCommented:
Glad we could help
0
 
pinaldaveCommented:
wonderful!
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now