Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How do I extend a users session and session variables in ColdFusion?

Posted on 2010-01-12
10
Medium Priority
?
516 Views
Last Modified: 2013-12-20
I have a ColdFusion application that has a form that uses session variables to prepopulate a form based on the user login ID and also store form input, in case of an error, the user will not lose the form data. However, I've now been requested to extend the session and login session time so that the user who begins to fill out the form, gets distracted by a phone call that takes over an hour, will not lose his/her data when they come back to continue filling out the form. Can someone help me to understand how this is done in CF?

Thank you.
0
Comment
Question by:Elizabeth2
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 19

Expert Comment

by:erikTsomik
ID: 26297470
you can try something like this
<cflock scope="session" type="readonly" timeout="5">
<cfset Variables.session =
Duplicate(session)>
</cflock>

http://coldfusion.sys-con.com/node/41649
0
 
LVL 53

Accepted Solution

by:
_agx_ earned 200 total points
ID: 26297831
Erik, that does not actually do anything to extend the session.  

Aside from increasing the session timeout, one option I've used is to capture information in the Appplication.cfc's onSessionEnd event and store it in db tables. There are pro's and con's to that approach (separate 'work' tables are needed, etc.)  Depending on the size of the form, client variables might be an option. But I have very little experience with those.
0
 
LVL 19

Expert Comment

by:erikTsomik
ID: 26297860
i would just store the values in the application scope
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 36

Assisted Solution

by:SidFishes
SidFishes earned 300 total points
ID: 26298071
I use a scheme similar to what agx suggests and store form data on the fly via both ajax calls and multiple form pages. Since your user is logging in, this works pretty well and can allow for resuming form submission days later. In my case I present a "Cart In Progress" message on next login with the option to continue or start new. I have 60 day clean up script that removes carts that are older which is run via the scheduler

Basically all you need is to assign the userid and a time to whatever the form data is and you can recall it on next log in ..however this doesn't change the session expiration time and the user -does- have to re-login in

to change session expiration, either modify the default in cfadmin or change it in your application.cfm/cfc



0
 

Author Comment

by:Elizabeth2
ID: 26298082
Thank you both for your suggestions. Unfortunately, I know just enough to get myself in trouble. I'm not sure I know "how" to do either of these suggestions.

Attached is my Application.cfm. Could I just extend the session timeout from "20" to "120?" And then extend the cflock timeout of "15" to "120?" Would that accomplish the goal of allowing a user to come back an hour later and continue to fill out his form?

Are there any pitfalls to extending the session timeout? These clients use these forms several times per day, so I'm thinking they would be best left unchanged, but I told my boss I'd check into extending the sessions. If I could give a good reason why not to change the current settings, that would avoid any additional complications that I may not know how to handle.

What do you think?

elizabeth
<cfapplication name='xxxxxxx' clientmanagement='yes' sessionmanagement='yes' setclientcookies='yes' setdomaincookies='no' sessiontimeout="#CreateTimeSpan(0,20,0,0)#">


<!--- Finds the number of sessions being currewnt in use, and displays them where ever using the page <cfinclude template="/users_count.cfm"> --->
<cflock timeout="15" scope="APPLICATION" type="EXCLUSIVE"> 
    <cfif NOT isDefined("Application.UsersInfo")>
          <cfset Application.UsersInfo = StructNew()>
    </cfif> 
</cflock>
<cflock name="#CreateUUID()#" timeout="15" type="EXCLUSIVE">
      <cfset user_cfid = Evaluate(CFID)>
      <cfset user_time = Now()>
</cflock>
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfif NOT StructKeyExists(Application.UsersInfo, user_cfid)>
  <cfset temp = StructInsert(Application.UsersInfo, user_cfid, user_time)>
 </cfif>
</cflock>
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfloop collection="#Application.UsersInfo#" item="itmUser">
  <cfif
   Evaluate(DateDiff("n", StructFind(Application.UsersInfo, itmUser), Now())) GT 10>
    <cfset StructDelete(Application.UsersInfo, itmUser)>
  </cfif>
 </cfloop>
</cflock>

<!--- Logs user out once browser is closed --->
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
  <cfset Variables.cfid_local = Cookie.CFID> 
  <cfset Variables.cftoken_local = Cookie.CFTOKEN> 
  <cfcookie name="CFID" value="#Variables.cfid_local#"> 
  <cfcookie name="CFTOKEN" value="#Variables.cftoken_local#"> 
</cfif>

Open in new window

0
 
LVL 36

Assisted Solution

by:SidFishes
SidFishes earned 300 total points
ID: 26298217
you don't need to extend cflock only sessiontimeout and that is the easiest and simplest way to get what you want done.

The only downside is that clients leaving desk while session is still active could reveal private data. (but then that can happen if it is set @ 20 min and they walk away at 10)

Encourage clients to logout when done and make them aware of the risks but you should be good to go (server service  will need a restart for setting to take affect)
0
 
LVL 36

Assisted Solution

by:SidFishes
SidFishes earned 300 total points
ID: 26298324
btw the -reason- you don't need to extend cflock is that is only used while setting application variables so there is no conflict.

Adding a cflock exclusive could prevent any other access to that variable during the lock time.

fyi cflock timeouts are specified in seconds not minutes like createtimespan and in most cases should not take more than a second or 2 to release

0
 
LVL 53

Assisted Solution

by:_agx_
_agx_ earned 200 total points
ID: 26298457
+1 .  I totally with SidFishes' answers

(Just to a tiny clarification, cflock has no absolutely effect on session timeouts.  So that is why you don't need to change the lock value.)
0
 
LVL 53

Expert Comment

by:_agx_
ID: 26298464
> I totally with SidFishes' answers

   Argh.  Trying to do too many things at once.  That should read "I totally _AGREE_ with SidFishes' answers"
0
 

Author Closing Comment

by:Elizabeth2
ID: 31676346
Great help! Thank you so much
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The purpose of this video is to demonstrate how to insert an Iframe into WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Open Page or Post…
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question