Discussion:
session.times_logged_on question
(too old to reply)
Azadi
2009-03-31 13:48:45 UTC
Permalink
i am not 100% sure if this would work in your case, but you can try
setting a different session timeout if session.times_logged_on > 3 by
wrapping your session timeout setting code in a cfif block... would only
work with Application.cfc, though...

<cfcomponent>
<cfscript>
...
THIS.sessiontimeout = createtimespan(0,1,0,0);
if( structkeyexists(session, 'times_logged_on') AND
session.times_logged_on gte 3 ) THIS.sessiontimeout =
createtimespan(0,0,20,0);
...
</cfscript>



Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
CFmonger
2009-03-31 14:32:28 UTC
Permalink
No it doesn't work so far. It throws errors.

I tried your code first and it said this:
Variable SESSION is undefined.


The error occurred in C:\Websites\4npp8b\Application.cfc: line 8

6 : THIS.applicationTimeout = createTimeSpan(0,0,20,0);
7 : THIS.sessionTimeout = createTimeSpan(0,0,20,0);
8 : if( structkeyexists(session,'times_logged_on') AND
9 : session.times_logged_on gte 3 ) THIS.sessiontimeout =
10 : createtimespan(0,0,10,0);

Then I tweeked your code a little to mirror my own code and got this:
if( structkeyexists('session.times_logged_on') AND
session.times_logged_on gte 3 ) THIS.sessiontimeout =
createtimespan(0,0,10,0);

this one came back and said :
Parameter validation error for the STRUCTKEYEXISTS function.
The function takes 2 parameters.

How can I fix this to work? or is there a better way?
Azadi
2009-03-31 14:45:48 UTC
Permalink
that if () statement should be AFTER your THIS.sessionmanagement = true;
line

you can also try this variant:

if( isdefined('session') AND structkeyexists(session, 'times_logged_on')
AND session.times_logged_on gte 3 ) THIS.sessiontimeout =
createtimespan(0,0,10,0);

the syntax for structkeyexists() function in your attempt is all wrong.
check the cfml reference if you are not sure about syntax of any
particular cf function. you can download a free CFML Reference Manul PDF
from adobe.com if you do not have one.

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
CFmonger
2009-03-31 15:12:24 UTC
Permalink
it isn't throwing any errors now. I am going to set it off and see if the time out woirks now.

What is the link for the pdf? I want one. and thanks :)
Azadi
2009-03-31 15:36:36 UTC
Permalink
CFML Reference:
http://livedocs.adobe.com/coldfusion/8/cf8_cfml_ref.pdf

CF Developer's Guide:
http://livedocs.adobe.com/coldfusion/8/cf8_devguide.pdf

both linked to from
http://www.adobe.com/support/documentation/en/coldfusion/


Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
CFmonger
2009-03-31 17:10:11 UTC
Permalink
Thank you! That works nice.
I downloaded those ref pdfs, thanks.

CFmonger
Azadi
2009-03-31 13:21:04 UTC
Permalink
i highly doubt it locks anyone out 'forever'.
just until they close their browser, maybe clear out their cookies, and
access your login page again...

in any case, the session var you are setting to hold the number of login
attempts will cease to exist after the session times out as per your
sessiontimeout setting in application.cfm/cfc, and they should be able
to try again...

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
CFmonger
2009-03-31 13:36:23 UTC
Permalink
I thought that was when it would go away. Is there a way to over ride the
session timeout on my application.cfc file with one I set for just this
feature? like a <cfset session.times_logged_on Timeout =10> or something like
that?

Loading...