Issue

The StructClear(Session) function works differently in 4.5.0 and higher than it did in previous versions. When you use it, you may notice that the SessionID, CFID, and CFTOKEN variables get cleared.

Example:

<CFSET StructClear(Session)>

The variables SessionID, CFID, and CFTOKEN are set once by ColdFusion instead of on every request. When you use the StructClear(Session) function, it clears the SessionID, CFID, and CFTOKEN variables because they are set only once and they are stored in the Session struct.

Solution

Here are some workarounds:

Use StructDelete() instead.

If you need to clear one of these variables you will want to use the StructDelete(structure, key [, indicatenotexisting]) function to delete the one variable.

<!--- Select the one session to delete --->
<CFSET StructDelete(Session, "Access_Level")>

This example clears only Session.Access_Level and not the SessionID, CFID, or CFTOKEN.

Create a new Struct to preserve some of the session variables.

You can create a temporary Struct to capture the CFID, CFTOKEN, SESSIONID, URLTOKEN, and any other important information, then restore those values from the temporary Struct after you clear the session.

<!--- Copy the important values. --->
<CFLOCK SCOPE="Session" TYPE="ReadOnly" TIMEOUT="60">
    <CFSET Temp = StructNew()>
    <CFSET Temp.CFID = Session.CFID>
    <CFSET Temp.CFTOKEN = Session.CFTOKEN>
    <CFSET Temp.SESSIONID = Session.SESSIONID>
    <CFSET Temp.URLTOKEN = Session.URLTOKEN>
</CFLOCK>

<!--- Kill the session --->
<CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="60">
    <CFSET StructClear(Session)>
</CFLOCK>

<!--- Restore the important values. Writing to the Session scope needs an exclusive lock. --->
<CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="60">
    <CFSET Session.CFID = Temp.CFID>
    <CFSET Session.CFTOKEN = Temp.CFTOKEN>
    <CFSET Session.SESSIONID = Temp.SESSIONID>
    <CFSET Session.URLTOKEN = Temp.URLTOKEN>
</CFLOCK>

Time out the session in Application.cfm.

In your Application.cfm you can force the application to expire. Use the example below to do this.

<CFAPPLICATION NAME="Foo" SESSIONMANAGEMENT="Yes">

<!--- Log the user out. --->
<CFIF IsDefined("URL.Logout")>
    <P>Logging you off.<P>
    <!--- Kill the app --->
    <CFAPPLICATION NAME="Foo"
        SESSIONMANAGEMENT="Yes"
        SESSIONTIMEOUT="#CreateTimeSpan(0,0,0,0)#">
    <meta http-equiv="REFRESH" content="1; url=index.cfm">
    <CFABORT>
</CFIF>
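
The first two workarounds can be combined so that every application-set session variable (such as Session.Access_Level) is removed at logout while the identifiers ColdFusion sets once are left untouched, with no copy-and-restore step. This is an added example, not code from the original article; the variable names KeepKeys, SessionKeys, and Key are assumptions chosen for illustration.

```cfml
<!--- Added example: remove application data from the session but keep the
      identifiers that ColdFusion sets only once. --->
<CFSET KeepKeys = "CFID,CFTOKEN,SESSIONID,URLTOKEN">

<!--- One exclusive lock covers the whole operation, so no other request
      sees a half-cleared session. --->
<CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="60">
    <!--- Snapshot the key names first so the struct is not modified
          while it is being iterated. --->
    <CFSET SessionKeys = StructKeyList(Session)>
    <CFLOOP LIST="#SessionKeys#" INDEX="Key">
        <!--- Delete everything that is not a reserved identifier. --->
        <CFIF NOT ListFindNoCase(KeepKeys, Key)>
            <CFSET StructDelete(Session, Key)>
        </CFIF>
    </CFLOOP>
</CFLOCK>
```

Because the keep-list is explicit, any variable added to the session later is cleared by default rather than surviving a logout by omission.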



