What would be best way to implement session management Application.cfm or Passing UrlToken.? How do you terminate a Session, if the user wants to check out before the timeout. I thought new browsers would change the session state , but it stays the same. How would you begin a new session, if the user pops up a new browser?
You can force the CFID and CFTOKEN to vanish from the browser using the
following code in your application.cfm file:"
<!--- Set up Application Framework --->
<!--- Force creation of sessin tracking cookies which expire at browser
<CFCOOKIE NAME="CFID" VALUE="#Session.CFID#">
<CFCOOKIE NAME="CFTOKEN" VALUE="#Session.CFTOKEN#">
Note that the cfapplication tag does not set cookies, the CFCOOKIE tag does.
CFAPPLICATION by default will set cookies which will not expire at browser
close... CFCOOKIE will (when you don't specify ann expire date).
You can also kill a session entirely (if you are using CF's session mgmt)
with this code:
And if you really want to destroy any trace of the session, you can reset
the CFID and CFTOKEN in the browser like so:
<CFCOOKIE NAME="CFID" VALUE="0">
<CFCOOKIE NAME="CFTOKEN" VALUE="0">