How can I restart a session

If the user clicks the log out button, I'm doing a structclear of the session scope. This means that any subsequent pages will not have the cfid or cftoken defined, so what I need to do is actually destroy the current session and restart a new one all in the same chunk of code. I happen to be doing this in onRequestStart

Thanks.
LVL 5
jtreherAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dgrafxCommented:

Why not do the structclear on a "logout" page

<cfset StructClear(session)>  of course to clear the struct
<then locate back to a home page or login or whatever>
aborting immediately after
<cfabort>

This is assuming you have some code in place that creates the session if it doesn't exist that is called when user comes to the site.
jtreherAuthor Commented:
Hmmm, the URL token is the only thing that shows up in the session scope. cfid and cftoken will not recreate themselves unless the browser is shut down.

i'm calling onSessionEnd() and then onSessionStart
dgrafxCommented:
Possibly you need to recreate them manually within your onSessionEnd
JeffHowdenCommented:
jtreher, this is why the CF docs specifically warn against using the StructClear() function on the session scope.

What I do to avoid this is have all session stuff stored in a key (that is itself a structure) off the session scope.

<cfscript>
  session.user = StructNew();
  session.user.id = 0;
  session.user.username = '';
  session.user.email = '';
</cfscript>

Then, clearing the login is as simple as using StructDelete on the user key.

<cfscript>
  StructDelete(session, 'user');
</cfscript>

Then, a redirect.  Some initialization code in application.cfm detects that the user key does not exist in the session scope and recreates it and all it's keys.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jtreherAuthor Commented:
Sorry about the delay, I will check into this because I really am using a substructure as well.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.