12 of 14

Assuming that you don't have some kind of cosmic power over the browser and settings your site visitor chooses to use, you'll need to find another solution. The easiest one I can provide requires that either the Global Client Updates (Step 2.2 (d), above) is on, or that you are updating the client LVISIT data within strategic parts of your application. This way, if a certain period of time has elapsed (30 minutes in these examples) beyond their last page activity, the user is logged out by destroying their client variables (see Listing 1).

The code in Listing 1 needs to be run at every page impression (usually included in app_Globals.cfm or Application.cfm) or at least at points where you wish to ensure that the user has remained "active." If you want to optimize this code, you can create a stored procedure for the query and run it on the server side (see Listing 2).

After running these queries/stored procedures, you may wish to CFIF the primary client variable you're using to track login and reset other client variables if the variable doesn't exist or is set to the wrong value. In addition, you may not wish to actually destroy all the client variables as I have done above - instead you may just wish to set one particular variable to a certain value. Adjust the examples above, or come up with your own.

A colleague suggested another method, in which the IsLoggedIn client variable is actually set to the date/time of login (instead of "1" or "0") and is then updated at each page request during a logged-in session. That value is then compared to a timeout period and destroyed if the user has been idle for too long. When the variable is destroyed, the rest of the app validates the login status and takes appropriate action. This method works just as well and is one among many other options, I'm sure. There's even a CF function available to you should you need it, "DeleteClientVariable()". The bottom line is, choose whichever methods are the most appropriate for your situation.

Once you've adjusted all the code necessary...test, test and then test some more. Test your timeout and test every module. Don't roll out your code until everything works the way it did before you started.

12 of 14