Delete all sessions on a coldfusion server

Question

Is there a way to delete all current sessions for a specific application on a coldfusion server. I want to force all users to renew their session variables and add new session v

Answer 1

Below is a snippet of an Application.cfc that will allow you to reset all session variables for an application. The controlling variable is application.loaded. You'll need to supply code that will change the value of this variable to force session reloads. When your code sets application.loaded to now(), it will have a date/time newer than session.loaded, it will reset the users session. This version is written in CF2016 level CFML.

This code is more of a template that you would have to revise for your implementation.

Application.cfc:

component displayname="myApp" {
    this['Name'] = "myApp";
    this['ApplicationTimeout'] = CreateTimeSpan(0, 12, 0, 0);
    this['sessionTimeout'] = CreateTimeSpan(0, 0, 45, 0);
    this['SessionManagement'] = true;
    this['ClientManagement'] = false;
    this['SetClientCookies'] = true;

    public boolean function onApplicationStart() {
        // app variable for session scope refresh
        application['loaded'] = now();

        return true;
    } // onApplicationStart()

    public void function onSessionStart() {
        // this individual session loaded flag
        session['loaded'] = now();

        return;
    } // onSessionStart()

    public boolean function onRequestStart(required string targetPage) {
        // if the applicaiton.loaded variable is more recent, force this session to be reset
        if (application.keyExists("loaded") && session.keyExists("loaded") && application.loaded > session.loaded) {

            // pick one or more of these FOUR options to reset the session.

            // call the J2EE method of invalidating a session
            getPageContext().getSession().invalidate();

            // OR use the CF method
            sessionInvalidate();

            // OR clear the session struct
            session.clear();

            // OR clear important session variables that tell your app that the user is logged out, this will need to change based on YOUR implementation
            session['user'] = "";

            // if you clear the session with a form of invalidate(); onSessionStart() should be called to reset the session.loaded var.  It can also be set here.
            session['loaded'] = now();

            // redirect to the target page, which should send the user back to the login page because the session was reset
            location(url=arguments.targetPage, addtoken=false);
        }

        return true;
    } // onRequestStart()

} // component

One oddity when I built this kind of system for a site is that; although applicationStop() was called, sessions did not clear. You'd think that sessions would be destroyed when the application was stopped, but they didn't. That's why I built this method. It seemed that sessions are tied to individual site cookies and are independent of the application that they may live in.

Answer 2

I u are not using single login method then use separate Application.cfm for each Application.

When you log out one Application then only One Application Session will be ended.

I cann't add this comment as I don't have permission.