This might be a dumb question, but we are using Se...
# cfml-general
This might be a dumb question, but we are using Session variables to log in the users on this old site (cfid, cftoken)....when the user hits the logout button, the session is cleared out and rotated....However, the users might just close the browser with the can I or can I kill the session variables OR is it still the way it has always been....session just stays in memory for the 1 before expire? OnBeforeUnload or something else via JS? If not that is ok, just need to explain it to the Client.
The session scope stays in memory until it times out I think. invalidateSession may get rid of it.
YOu can just structclear the session scope when the user clicks logout of your app
@bdw429s thanks for that info....The users sometimes just click the X in the upper right not logout...if they click logout, I am clearing the session scope....I have read it seems like the sessions stays in memory so that might be what I have to tell the client....the users need to click logout or their session will remain...
Just using a struct clear doesn't clear out the session cookies I thought, With those in place, the session is still alive,
wondering if you could possibly clear the session with JS
event. It's not reliable, but better than nothing?
@Myka Forrest I was going to look into that...but as you stated it might not be reliable
@fmdano You are correct, if the user just closes the window, the sessions lives until it times out,. This is correct, desirable, and nothing to worry about,. Tell your client to go create some excel spreadsheets or something and stop bugging you 🙂
✔️ 1
If they want to limit how long data can stay in memory, reduce the session timeout.
There's no foolproof way to remove it-- the user can always just yank their power plug out of the wall.
@larryclyons session cookies are not the same as the actual data in the session scope
@bdw429s Can I quote you on that....Iol. I was thinking of talking to them about cutting down the session from 1 hour