Accessibility

TechNote (Archived)

ColdFusion 4.5 and the StructClear(Session) Function

Issue

The StructClear(Session) function works differently in 4.5.0 and higher then it did in previous versions. When using it you may notice that the SessionID, CFID, and CFTOKEN gets cleared.

Example: 

 <CFSET StructClear(Session)>

The variables SessionID, CFID, and CFTOKEN are set once by ColdFusion instead of on every request. When you use theStructClear(Session) function, it will clear the SessionID, CFID, and CFTOKEN variables because they are set once and they are in a Struct.

Solution

Here are some workarounds:

Use StructDelete() instead.

If you need to clear one of these variables you will want to use the StructDelete(structure, key [, indicatenotexisting]) function to delete the one variable. 

 <!--- Select the one session to delete ---><CFSET StructDelete(Session, "Access_Level")>

This example will only clear the Session.Access_Level and not the SessionID, CFID, or CFTOKEN.

Create a new Struct to preserve some of the session variables.

You can create a temp Struct to capture the CFID, CFTOKEN, SESSIONID, URLTOKEN and any important information and after you clear the session reset the temp Struct. 

 <!--- Copy the important values. ---><CFLOCK SCOPE="Session" TYPE="ReadOnly" TIMEOUT=60><CFSET Temp = StructNew()><CFSET Temp.CFID = Session.CFID><CFSET Temp.CFTOKEN = Session.CFTOKEN><CFSET Temp.SESSIONID = Session.SESSIONID><CFSET Temp.URLTOKEN = Session.URLTOKEN></CFLOCK><!--- Kill the session ---><CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT=60><CFSET StructClear(Session)></CFLOCK><!--- Restore the important values. ---><CFLOCK SCOPE="Session" TYPE="ReadOnly" TIMEOUT=60><CFSET Session.CFID = Temp.CFID><CFSET Session.CFTOKEN = Temp.CFTOKEN><CFSET Session.SESSIONID = Temp.SESSIONID><CFSET Session.URLTOKEN = Temp.URLTOKEN></CFLOCK>
Timeout the Application.cfm.

In your Application.cfm you can force the application to expire. Use the example below to do this. 

 <CFAPPLICATION NAME="Foo" SESSIONMANAGEMENT="Yes"><!--- Log the user out. ---><CFIF IsDefined("URL.Logout")><P>  Logging you off. <P><!--- Kill the app ---><CFAPPLICATION NAME="Foo"    SESSIONMANAGEMENT="Yes"    SESSIONTIMEOUT="#CreateTimeSpan(0,0,0,0)#"><meta http-equiv="REFRESH" content="1; url=index.cfm"><CFABORT></CFIF>


AlertThis content requires Flash

To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.

Download the free Flash Player now!

Get Adobe Flash Player

Creative Commons License

Search Support


Document Details

ID:tn_17479
Browser:Chrome
Internet Explorer
Netscape
Opera
Safari
Firefox
Database:DB2
Informix
MySQL
Oracle
SQL Server
Sybase
MS Access

Products Affected:

coldfusion