12 of 14
Assuming that you don't have some kind of cosmic power over the
browser and settings your site visitor chooses to use, you'll need
to find another solution. The easiest one I can provide requires
that either the Global Client Updates (Step 2.2 (d), above) is on,
or that you are updating the client LVISIT data within strategic
parts of your application. This way, if a certain period of time has
elapsed (30 minutes in these examples) beyond their last page
activity, the user is logged out by destroying their client
variables (see Listing 1).
The code in Listing 1 needs to be run at every page impression
(usually included in app_Globals.cfm or Application.cfm) or at least
at points where you wish to ensure that the user has remained
"active." If you want to optimize this code, you can create a stored
procedure for the query and run it on the server side (see Listing
2).
After running these queries/stored procedures, you may wish to
CFIF the primary client variable you're using to track login and
reset other client variables if the variable doesn't exist or is set
to the wrong value. In addition, you may not wish to actually
destroy all the client variables as I have done above - instead you
may just wish to set one particular variable to a certain value.
Adjust the examples above, or come up with your own.
A colleague suggested another method, in which the IsLoggedIn
client variable is actually set to the date/time of login (instead
of "1" or "0") and is then updated at each page request during a
logged-in session. That value is then compared to a timeout period
and destroyed if the user has been idle for too long. When the
variable is destroyed, the rest of the app validates the login
status and takes appropriate action. This method works just as well
and is one among many other options, I'm sure. There's even a CF
function available to you should you need it,
"DeleteClientVariable()". The bottom line is, choose whichever
methods are the most appropriate for your situation.
Once you've adjusted all the code necessary...test, test and then
test some more. Test your timeout and test every module. Don't roll
out your code until everything works the way it did before you
started.
12 of 14