我可以通过哪些方式强制结束会话？

发布于 2024-12-11 04:08:13 字数 637 浏览 0 评论 0原文

我想强制会话在 30 分钟后结束，无论活动如何。我首先想到的是这个（未经测试）：

function onApplicationStart() application.sessionLife = 30;

function onSessionStart() session.timeStarted = now();

function onRequestStart() {
    if ( dateDiff("n", session.timeStarted, now()) > application.sessionLife)
        structClear(session);
}

还有什么其他方法可以强制会话结束？

最明显的一个是 30 分钟后过期的会话 cookie。但我不确定会话 cookie 是否监听 sessionTimeOut 会话。

更新我刚刚发现 StructClear() 不会结束会话。所以我想我应该让cookie过期。

原文

I want to force a session to end after 30 minutes regardless of activity. The first thing I thought of was this (untested):

function onApplicationStart() application.sessionLife = 30;

function onSessionStart() session.timeStarted = now();

function onRequestStart() {
    if ( dateDiff("n", session.timeStarted, now()) > application.sessionLife)
        structClear(session);
}

What other ways are available to force a session to end?

The obvious one is a session cookie that expires after 30 minutes. But I'm not sure if session cookies listen to the sessionTimeOut sessting or not.

Update
I just found out that StructClear() does not end the session. So I guess I should just expire the cookies.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

驱逐舰岛风号 2024-12-18 04:08:13

像往常一样，Ben Nadel 已经在博客中给出了答案...

http://www.bennadel.com/blog/1847-Explicitly-Ending-A-ColdFusion-Session.htm

有几个选项，有些非常安全，其他则使用隐藏方法不保证在 ColdFusion 或其他 CFML 引擎的未来版本中出现。您可能会发现我在他的帖子中被提及，因为我喜欢摆弄那些隐藏的方法。但如果你想正确地做事（更多的未来证明/引擎切换证明），我建议本的替代方法。

编辑

差点忘了，我使用另一种方法创建了一个函数来停止当前会话（Ben Nadel 的博客文章中没有提到）。它仍然是一个未记录的功能，但是是一项改进，因为它会立即停止会话，而不是将其设置为 1 秒超时。

http://misterdai.wordpress.com/ 2010/06/15/cf-sessionstop-ending-a-cf-session/

进一步编辑

只是简单地解释一下不同的方法，以防链接的网站出现消失。

总结一下停止会话的方法...

将 sessionTimeout 设置为 1 秒。
- 标记目标会话（例如 session.remove = true）
- 检测并设置低超时 (application.cfc)
  if (StructKeyExists(session, 'remove') 和 aession.remove) {
  this.sessionTimeout = CreateTimeSpan(0, 0, 0, 1);
  }
- 通过删除 CFID / CFTOKEN Cookie 来移除客户端与会话之间的关联。
与上面类似，但使用 session.setMaxInactiveInterval(1)
- 未记录，可以使用，但版本之间可能会发生更改，恕不另行通知。
- 更灵活，不必在 application.cfc 文件中包含代码。
- 仍然需要删除 Cookie。
强制 ColdFusion 立即删除会话。
- 更多地使用未记录的功能，这些功能可能会在版本之间中断。
- 可以在任何地方使用，不必担心 cookie 或单秒超时。

方法 3 的代码...

<cffunction name="sessionStop" output="false">
  <cfset var local = StructNew() />
  <cfif Not StructKeyExists(application, 'applicationName')>
    <cfthrow message="Application.applicationName is missing." />
  </cfif>
  <cftry>
    <cfset local.sid = session.cfid & '_' & session.cftoken />
    <cfset local.jTracker = CreateObject('java', 'coldfusion.runtime.SessionTracker') />
    <cfset local.jTracker.cleanUp(application.applicationName, local.sid) />
    <cfcatch type="any">
      <cfthrow message="Error stopping session, may not exist." />
    </cfcatch>
  </cftry>
</cffunction>

As usual, Ben Nadel has already blogged the answer...

http://www.bennadel.com/blog/1847-Explicitly-Ending-A-ColdFusion-Session.htm

There are a few options, some quite safe, others use hidden methods that aren't guaranteed to be around in future version of ColdFusion or other CFML engines. You might spot that I get a mention in his post since I love messing about with those hidden methods. But if you want to do things properly (more future proof / engine switch proof), I'd suggest Ben's alternative methods.

Edit

Almost forgot, I created a function to stop the current session using another method (not mentioning in Ben Nadel's blog post). It's still an undocumented feature, but is an improvement as it stops the session instantly, instead of setting it to 1 second to time out.

http://misterdai.wordpress.com/2010/06/15/cf-sessionstop-ending-a-cf-session/

Further Edit

Just explaining the different methods briefly, in case the linked sites ever disapppear.

To summarise the ways to stop a session in it's tracks...

Set the sessionTimeout to a value of 1 second.
- Flag the targetted session (e.g. session.remove = true)
- Detect and set low timeout (application.cfc)
  if (StructKeyExists(session, 'remove') And aession.remove) { this.sessionTimeout = CreateTimeSpan(0, 0, 0, 1); }
- Remove the association between the client and the sesssion by deleting the CFID / CFTOKEN cookies.
Similar to above but using session.setMaxInactiveInterval(1)
- Undocumented, works but could change without notice between versions.
- More flexible, doesn't have to have code within the application.cfc file.
- Still have to remove cookies.
Force ColdFusion to remove the session instantly.
- More use of undocumented features that could break between versions.
- Can be used anywhere, don't have to worry about cookies or single second timeouts.

Code for approach 3...

<cffunction name="sessionStop" output="false">
  <cfset var local = StructNew() />
  <cfif Not StructKeyExists(application, 'applicationName')>
    <cfthrow message="Application.applicationName is missing." />
  </cfif>
  <cftry>
    <cfset local.sid = session.cfid & '_' & session.cftoken />
    <cfset local.jTracker = CreateObject('java', 'coldfusion.runtime.SessionTracker') />
    <cfset local.jTracker.cleanUp(application.applicationName, local.sid) />
    <cfcatch type="any">
      <cfthrow message="Error stopping session, may not exist." />
    </cfcatch>
  </cftry>
</cffunction>

回复收藏 0 原文

醉梦枕江山 2024-12-18 04:08:13

我认为您不想使用 structClear()。如果我没记错的话，如果从 SESSION 结构中删除 CFID 和 CFTOKEN 键，就会出现问题。下面是我们用来结束会话的代码：

<!--- Delete the session --->
<cfloop collection="#session#" item="skey">
    <cfif NOT listFindNoCase("cfid,cftoken,sessionid,urltoken", skey)>
        <cfset structDelete(session, skey) />
    </cfif>
</cfloop> 

<!--- Expire the CFID and CFTOKEN cookies to start a new session --->
<cfcookie name="cfid" expires="Now" />
<cfcookie name="cftoken" expires="Now" />

<!--- Expire the JSESSIONID cookie - only needed if J2EE sessions are used --->
<cfcookie name="jsessionid" expires="Now" />

因此，我们从 SESSION 中删除除 CFID、CFTOKEN、SESSIONID 和 URLTOKEN 之外的所有密钥，然后使标识会话的 cookie 过期。发生这种情况时，CF 应创建新的 cookie 并启动新会话。

I don't think you want to use structClear(). If I remember correctly, there are issues if the CFID and CFTOKEN keys get deleted from the SESSION struct. Here is the code we use to end a session:

<!--- Delete the session --->
<cfloop collection="#session#" item="skey">
    <cfif NOT listFindNoCase("cfid,cftoken,sessionid,urltoken", skey)>
        <cfset structDelete(session, skey) />
    </cfif>
</cfloop> 

<!--- Expire the CFID and CFTOKEN cookies to start a new session --->
<cfcookie name="cfid" expires="Now" />
<cfcookie name="cftoken" expires="Now" />

<!--- Expire the JSESSIONID cookie - only needed if J2EE sessions are used --->
<cfcookie name="jsessionid" expires="Now" />

So we delete all the keys from the SESSION except for CFID, CFTOKEN, SESSIONID, and URLTOKEN, then we expire the cookies that identify the session. When this happens CF should create new cookies and start a new session.

回复收藏 0 原文

~没有更多了~