This might be a dumb question, but we are using Session variables to log in the users on this old site (cfid, cftoken)....when the user hits the logout button, the session is cleared out and rotated....However, the users might just close the browser with the X....how can I or can I kill the session variables OR is it still the way it has always been....session just stays in memory for the 1 before expire? OnBeforeUnload or something else via JS? If not that is ok, just need to explain it to the Client.

The session scope stays in memory until it times out I think. invalidateSession may get rid of it.

@bdw429s thanks for that info....The users sometimes just click the X in the upper right not logout...if they click logout, I am clearing the session scope....I have read it seems like the sessions stays in memory so that might be what I have to tell the client....the users need to click logout or their session will remain...

Just using a struct clear doesn't clear out the session cookies I thought, With those in place, the session is still alive,

wondering if you could possibly clear the session with JS

beforeunload

event. It's not reliable, but better than nothing?

@Myka Forrest I was going to look into that...but as you stated it might not be reliable

@fmdano You are correct, if the user just closes the window, the sessions lives until it times out,. This is correct, desirable, and nothing to worry about,. Tell your client to go create some excel spreadsheets or something and stop bugging you 🙂

@bdw429s Can I quote you on that....Iol. I was thinking of talking to them about cutting down the session from 1 hour