Lately I used CFLOGIN to manage users' sessions, and it's so powerful. It comes with many conveniences for setting up user roles, and at any point IsUserLoggedIn() and GetAuthUser() come in handy.
CFLOGOUT makes it much easier to log out a user. But it doesn't do everything, such as clearing session values. In fact, clearing the session values has to be handled by us for the application to behave correctly.
The real glitch is the way cflogin and the session handle the timeout. There are two rules.
1. If the session expires, cflogin expires.
2. If cflogin expires, the session doesn't have to expire, and in fact it doesn't.
So care has to be taken when setting the session timeout in app.cfc and idletimeout in cflogin.
Now, if a user is given an option to renew a session, a soft refresh using an AJAX POST would do, i.e. an AJAX POST to the server counts as a call to the server and the session is considered renewed.
But cflogin doesn't recognize that. In that case, a hard refresh of the page is needed to make a call to the application/web server. That lets cflogin renew its session too.
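One way to keep the two timers in step and to clear session data on logout or when the login lapses, as an added example that is not code from the original post. The application name, the `session.user` key, the `logout` URL parameter and the `authenticate()` helper with its constructed demo account are assumptions.

```cfml
<!--- Application.cfc: added example. App name, session.user and authenticate() are assumptions. --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp">
    <cfset this.sessionManagement = true>
    <!--- One value drives both timers so they cannot drift apart. --->
    <cfset variables.idleMinutes = 20>
    <cfset this.sessionTimeout = createTimeSpan(0, 0, variables.idleMinutes, 0)>

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <!--- Explicit logout: cflogout ends the login; the app's own session data is removed separately. --->
        <cfif structKeyExists(url, "logout")>
            <cflogout>
            <cfset structDelete(session, "user")>
        </cfif>
        <!--- idletimeout takes seconds, sessionTimeout takes a time span. --->
        <cflogin idletimeout="#variables.idleMinutes * 60#">
            <cfif structKeyExists(form, "j_username") and structKeyExists(form, "j_password")>
                <cfset local.roles = authenticate(form.j_username, form.j_password)>
                <cfif len(local.roles)>
                    <cfloginuser name="#form.j_username#" password="#form.j_password#" roles="#local.roles#">
                    <cfset session.user = { name = form.j_username, since = now() }>
                </cfif>
            </cfif>
        </cflogin>
        <!--- Rule 2: the login lapsed but the session lives on. Drop the stale user data. --->
        <cfif not isUserLoggedIn() and structKeyExists(session, "user")>
            <cfset structDelete(session, "user")>
        </cfif>
        <cfreturn true>
    </cffunction>

    <!--- Hypothetical credential check against one constructed account; returns a role list or "". --->
    <cffunction name="authenticate" returntype="string" access="private" output="false">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfset local.salt = "constructed-salt">
        <cfset local.expected = hash("constructed-password" & local.salt, "SHA-256")>
        <cfif arguments.username eq "demo" and hash(arguments.password & local.salt, "SHA-256") eq local.expected>
            <cfreturn "user">
        </cfif>
        <cfreturn "">
    </cffunction>
</cfcomponent>
```

Application data is kept under a single `session.user` key so it can be removed without touching the session's built-in identifiers.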