i am experiencing a weird problem

I think I have discovered a glitch with ColdFusion so please excuse me posting this on Coldbox discussions but I wanted to confirm the problem first.

What is happening is that I set my Application.CFC in the root of my ColdBox app to SessionTimeout after 1 hour. However in ColdFusion Admin (CFIDE) I set the max timeout period to 5 minutes by accident.

The problem came in when my session data dies after 5 minutes when using the ColdBox SessionStorage plugin however the IsUserLoggedIn() is still true. I believe the glitch is that ColdFusion’s isn’t properly handling the session timeout stuff the same way as it does with the rest of the functions.

I am running ColdFusion 9.01 and latest ColdBox github download on Windows 7 64bit everything.

Is anyone able to confirm this? I think you should be able to replicate this by changing Session Timeout (Max) in CFIDE to some period of time lower than what your Application.cfc is set to timeout.

Jeremy R. DeYoung
Phone: 615.261.8201

FacebookLinkedInGoogle ReaderTwitterAmazonGoogle
Google Talk/LunarFly Skype/DeYoungJD

The session timeout in your application should override the CF Admin setting.
So, are you saying that after 5 minutes, the session scope is empty?

Are you using jSessionID? Can you confirm if you receive a new session ID after 5 minutes?

What is your “loginStorage” setting in your application? I think it defaults to cookie which could mean that a user is still correctly logged in even though their session data has left for the night if your loginTimout setting on cflogin is longer than your session timeout. I believe cflogin’s timeout defaults to half an hour.



I might be wrong, but I believe that you can only override the default session duration up to, but not exceeding the max session timeout you set in the cfide.

– sent by a little green robot