I've trying to set up a session timeout for my application but haven't been able to.
What I need to do is, a user loggin into the application and after a a certain time o inactivity hes session expiring by itself, so he has to login again.

I'm ussing 'cflogin' and the user is correctly authenticated, as far as I know, but his session only ends with a 'cflogout' call or by closing the browser, but not over some period of time, I've tried changing the numbers in the cfapplication tag but whitout any results.

The way I'm attempting to do it is setting:


Does any body know what am I missing?

Thanks.

you should replace "00" for seconds with one zero....

This should timeout after 15 mins of inactivity, try testing with a different browser........

Well here's where it's a little gray...

When you close a browser or call cflogout, a user's "session" does not go away. Calling cflogout (not sure about closing the browser) will only remove the user ID and pass from the roles on the server. The user's session variables will still be around until the session has 15 mins of inactivity even after a user closes their browser or a call is made to cflogout.

http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/tags-p75.htm#wp2871521

Probably what you need to be doing, is if a user goes to the logout page and cflogout is called, reset their session variables as needed also. As for closing the browser, there is not much you can usually do about this in terms of session variables. As for the user's roles, I'm not sure if they go away when the browser closes.

Thanks for your posts.

But I haven´t been able to make it work, I removed the O 'andrew2' is telling me about but with no result.



I'm still logged in after the 15 mins period of inactivity, or any other number of minutes I set up.
This is what my code looks like:



I don't have any setup, because I haven't gotten yet to use that part, could this be the reason that the user is not been logge out?

I think what I need now (on byron's post) it's just that a logged in user is been logged out automatically after some specific period of time (in this example 15 mins).

Is there any place that you know of where I can find a working example that's running on a hostmysite.com server?.

I misinterpreted your first post.

CFLOGIN has nothing to do with session variable timeout. So you could have this scenario.

CFLOGIN, also set session.authenticate = yes
CFLOGOUT, close browser, open browser, session.authenticate still = yes

In this case you would need to set session.authenticate = no, when you do the CFLOGOUT as well.

CFLOGIN also has a idletimeout attribute. I also believe that the cflogin info, is stored in a session cookie, so when a user closes the browser, they should be getting "logged out", meaning their session cookie goes away, but session variables will still be around for X minutes.

Client variable storage has nothing to do with it, I wouldn't complicate matters using that until you have basic sessions working.

This might be the answer....your application is timing out after 15 mins, try resetting it to one day and see if that works:



Edit:
try removing (client variable storage) :

[/code]