How do I extend a users session and session variables in ColdFusion?

I have a ColdFusion application that has a form that uses session variables to prepopulate a form based on the user login ID and also store form input, in case of an error, the user will not lose the form data. However, I've now been requested to extend the session and login session time so that the user who begins to fill out the form, gets distracted by a phone call that takes over an hour, will not lose his/her data when they come back to continue filling out the form. Can someone help me to understand how this is done in CF?

Thank you.
Elizabeth2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

erikTsomikSystem Architect, CF programmer Commented:
you can try something like this
<cflock scope="session" type="readonly" timeout="5">
<cfset Variables.session =
Duplicate(session)>
</cflock>

http://coldfusion.sys-con.com/node/41649
0
_agx_Commented:
Erik, that does not actually do anything to extend the session.  

Aside from increasing the session timeout, one option I've used is to capture information in the Appplication.cfc's onSessionEnd event and store it in db tables. There are pro's and con's to that approach (separate 'work' tables are needed, etc.)  Depending on the size of the form, client variables might be an option. But I have very little experience with those.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
erikTsomikSystem Architect, CF programmer Commented:
i would just store the values in the application scope
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

SidFishesCommented:
I use a scheme similar to what agx suggests and store form data on the fly via both ajax calls and multiple form pages. Since your user is logging in, this works pretty well and can allow for resuming form submission days later. In my case I present a "Cart In Progress" message on next login with the option to continue or start new. I have 60 day clean up script that removes carts that are older which is run via the scheduler

Basically all you need is to assign the userid and a time to whatever the form data is and you can recall it on next log in ..however this doesn't change the session expiration time and the user -does- have to re-login in

to change session expiration, either modify the default in cfadmin or change it in your application.cfm/cfc



0
Elizabeth2Author Commented:
Thank you both for your suggestions. Unfortunately, I know just enough to get myself in trouble. I'm not sure I know "how" to do either of these suggestions.

Attached is my Application.cfm. Could I just extend the session timeout from "20" to "120?" And then extend the cflock timeout of "15" to "120?" Would that accomplish the goal of allowing a user to come back an hour later and continue to fill out his form?

Are there any pitfalls to extending the session timeout? These clients use these forms several times per day, so I'm thinking they would be best left unchanged, but I told my boss I'd check into extending the sessions. If I could give a good reason why not to change the current settings, that would avoid any additional complications that I may not know how to handle.

What do you think?

elizabeth
<cfapplication name='xxxxxxx' clientmanagement='yes' sessionmanagement='yes' setclientcookies='yes' setdomaincookies='no' sessiontimeout="#CreateTimeSpan(0,20,0,0)#">


<!--- Finds the number of sessions being currewnt in use, and displays them where ever using the page <cfinclude template="/users_count.cfm"> --->
<cflock timeout="15" scope="APPLICATION" type="EXCLUSIVE"> 
    <cfif NOT isDefined("Application.UsersInfo")>
          <cfset Application.UsersInfo = StructNew()>
    </cfif> 
</cflock>
<cflock name="#CreateUUID()#" timeout="15" type="EXCLUSIVE">
      <cfset user_cfid = Evaluate(CFID)>
      <cfset user_time = Now()>
</cflock>
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfif NOT StructKeyExists(Application.UsersInfo, user_cfid)>
  <cfset temp = StructInsert(Application.UsersInfo, user_cfid, user_time)>
 </cfif>
</cflock>
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfloop collection="#Application.UsersInfo#" item="itmUser">
  <cfif
   Evaluate(DateDiff("n", StructFind(Application.UsersInfo, itmUser), Now())) GT 10>
    <cfset StructDelete(Application.UsersInfo, itmUser)>
  </cfif>
 </cfloop>
</cflock>

<!--- Logs user out once browser is closed --->
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
  <cfset Variables.cfid_local = Cookie.CFID> 
  <cfset Variables.cftoken_local = Cookie.CFTOKEN> 
  <cfcookie name="CFID" value="#Variables.cfid_local#"> 
  <cfcookie name="CFTOKEN" value="#Variables.cftoken_local#"> 
</cfif>

Open in new window

0
SidFishesCommented:
you don't need to extend cflock only sessiontimeout and that is the easiest and simplest way to get what you want done.

The only downside is that clients leaving desk while session is still active could reveal private data. (but then that can happen if it is set @ 20 min and they walk away at 10)

Encourage clients to logout when done and make them aware of the risks but you should be good to go (server service  will need a restart for setting to take affect)
0
SidFishesCommented:
btw the -reason- you don't need to extend cflock is that is only used while setting application variables so there is no conflict.

Adding a cflock exclusive could prevent any other access to that variable during the lock time.

fyi cflock timeouts are specified in seconds not minutes like createtimespan and in most cases should not take more than a second or 2 to release

0
_agx_Commented:
+1 .  I totally with SidFishes' answers

(Just to a tiny clarification, cflock has no absolutely effect on session timeouts.  So that is why you don't need to change the lock value.)
0
_agx_Commented:
> I totally with SidFishes' answers

   Argh.  Trying to do too many things at once.  That should read "I totally _AGREE_ with SidFishes' answers"
0
Elizabeth2Author Commented:
Great help! Thank you so much
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.