Make client variables overdue
One of these methods is client variable. Client variables are similar to session variables, the difference is that user status variables are stored in the memory of ColdFusion server, while client variables are stored in cookies, Windows Registry databases (Windows Registry) or external database servers. This difference is not very important at first glance, but if you use a series of ColdFusion servers to form a load-balance environment, this difference becomes very critical.
In a load-balancing server environment, you can never know which server will be specified to handle which user's request. Load balancing hardware or software simply passes the received user request to the lightest load server at that time to handle it. In this case, we cannot use the user status variables normally because the user status variables stored on a certain server are invisible to other servers. Whenever the load balancing hardware (or software) redirects the same user from a server to another server (that is, a request from the user is assigned to the A server for processing, and the next request is assigned to the B server for processing), the user status variable will disappear immediately.
One of the ways to solve this problem is to use client variables to store user-related information in an external database that can be stored in another server involved in load balancing. However, this approach itself brings other issues that must be considered, especially if you want to store sensitive or secure data through client variables. You can set the client variable to expire after a certain period of time, but this time interval can only be set to one day at least. If you store user authentication-related information, you should want to set this overdue time to be shorter, such as fifteen minutes. To achieve this short-term overdue function, you only need to add some extra CFML program code.
I have created another custom tag called CF_ClientTimeout to handle this problem for you. Similarly, you can download and use it directly on the Allaire Development Intelligence Exchange Center website. This volume mark compares the current time with the time when the user last accessed a page through the date and time correlation function. If the time difference between the two is greater than a certain time length you set yourself, the user's relevant information will be considered to have expired and has lost its utility. If you use this tag in this file, then this tag will perform this time comparison work on all pages in the same application. The relevant program codes are as follows:
<CFPARAM NAME="" DEFAULT="#CreateODBCDateTime(Now())#">
<CFSET Compare = DateCompare(DateAdd("n", ( * -1), CreateODBCDateTime(Now())), )>
<CFIF Compare IS NOT -1>
<CFSET = "Yes">
<CFELSE>
<CFSET = "No">
</CFIF>
<CFSET = CreateODBCDateTime(Now())>
If you enter the value of the TimeOut variable to be 30 (TimeOut = 30), the user will be deemed to have been overdue by the system after thirty minutes of no action. Once the system is considered overdue, the next time the user tries to access a page again, the custom tag will be sent back to the TimeOut variable value "Yes". You can use a CFIF statement to determine the value of this variable, and delete the relevant client variables of the overdue user, or modify the value of a certain authentication variable (for example, set the value of the variable to "No", = "No"), and then execute a user login program.
Previous page12345Next pageRead the full text