Clear a session variable

Hi.,
I am using jdeveloper 11.1.1.5
Could any one pls help me how to clear a session varable when the logout link had been clicked?

Thank you timo
I had used this code in my logout link
            ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
                    HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
                    HttpSession session = (HttpSession)ectx.getSession(false);
                    session.invalidate();
                response.sendRedirect("/faces/login_new.jspx"); While i m using this i m getting an error as null pointer exception

Similar Messages

Clearing custom session variable in 5.0

I have set a custom session variable in a method called in the OnAfterLogin PEI.
Do I need to ckear this session variable on logout? If so, how do I do that?
Or does the session variable clear on its own if teh session is abandoned or killed on logout?
I just want to make sure I am not leaking any memory and do proper housekeeping.
Thanks!
Vanita
Staples

Sam,
It appears that you are one of the few installations that actually used a display/formatting page under 4.x. Under 5.0 you have the option of going directly to the source of the card or gatewaying the card. Those are your only two options to my knowledge. I suppose that the answer might rest on using docfetch but this would require a custom CWS.
Good Luck
Phil Orion

How can I have the loading of a page CLEAR ALL session variables?

Hi,
At the time of logging in it needs to reset all session state or at least my collection.
I thought it would be a quick easy thing to clear session state????

I found it:
1.) Goto the page of desired Session State clearing.
2.) Select the + after "Processes".
3.) Select "Session State" category.
4.) Select whatever you desire to do!
Clear Cache For Applications (removes all session state for listed applications)
Clear Cache For Current Application (removes all session state for current application)
Clear Cache For Current Session (removes all state for current session)
Clear Cache for Items (ITEM,ITEM,ITEM)
Clear Cache for all Items on Pages (PageID,PageID,PageID)
Reset Preferences (remove all preferences for current user)
Set Preference to value of Item (PreferenceName:ITEM)
Set Preference to value of Item if item is not null (PreferenceName:ITEM)

Session variables not clearing

Hello,
I'm working on a series of web pages that will be compatible with an Apple iPad. Here's what I'm working on:
When a user hits my index.cfm page, CF checks a table for records. If there are no records, cflocation sends the user to a menu page and only creates one session variable, "Device."
If there is one record in the table, cf creates the variables "Device" and "Loc" and sets "Loc" to whatever the value in a certain table field is. Then cflocation sends the user to the same menu page as above, but because "Loc" is defined, the value of "Loc" is output in various places on the page.
If more than one record is found, the user must select their choice from the index.cfm page. From there, cflocation takes their choice, adds it to a url variable, and takes the user to a page that defines "Loc" based on the url variable. Then cflocation sends the user to the same menu page, but because "Loc" is defined, the value of "Loc" is output in various places on the page.
Everything works well.
Here's the problem: I can't get "Loc" to clear on demand. At the top of my index page, I have <cfscript>StructDelete(Session, "Loc");</cfscript> to clear anything that might be in the application. On my desktop (a PC browsing with Chrome), this works. For testing, I'll put one record in the table and the process that I described above works. If I delete that record and run index.cfm again, "Loc" is cleared and the menu page appears as it should.
However, if I add a record, run index.cfm on my iPad to create "Loc," then go back and delete the record from the table and run index.cfm again, the variable is still defined. This happens on the iPad only.
I'm stuck. Can anyone offer any insight?
Thank you!

You might try adding cache directives to your HTTP headers using CFHEADER. Something like:
<cfheader name="Cache-Control" value="no-cache">
<cfheader name="Expires" value="0">
CFHEADER
http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7a ea.html
Caching in HTTP from W3C
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

Session variable size limitation (LV Webservices)

Hi community,
I read couple dozen email addresses from an XML and trying to write them into a session variable. The email addresses are comma separated and have a total string length of about 1100 characters. When I try to write it into a session variable LabVIEW drops an error message (-67158).
It is very clearly related to the size of the string as if use lets say only 200 characters I dont receive the error message.
How can I get rid of this limitation?
Thanks!

I am writing a general purpose webpage where I need email notifications. I have the workaround ready (before I send out the emails I dont read the emails from a session, but using the userID stored in the session to read the email from the xml). But generally having this limitation is annoying and unnecessary as normally you easily can store 100kB in one session. (probably even more, but that was the max I have ever did)

Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?

Hi all,
I'm running a site that requires user login. I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
However, I guess I never learned the correct way to handle a user login. It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number. Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
<cfset This.Sessionmanagement=true>
<cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
   <cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
     <cflocation url="../index.cfm" addtoken="no">
   </cfif>
...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID. If not, all session variables are cleared and it bounces you back to the login page. When the user clicks Logout, all I do is delete all the session variables.
This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity. You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application). I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
SO: any reason you can think of why session variables would be spontaneously clearing for some people? Would having your router reset its IP address invalidate the session or something? Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
And on a more general note... did I go about this completely the wrong way to begin with? If so, what's the standard way to manage a login?
Lots of questions, I know... thanks very much for any answers or suggestions!
Joe

Ian,
Thanks very much - very helpful information.
Sounds like passing the tokens in every request is probably the way to go for this. I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
Is that all I would have to do, is add the tokens to every path? Would that guarantee that all the session variables would remain valid until timeout or being cleared?
Again, thanks, you've been really helpful.
Joe
On Jun 23, 2010 4:37 PM, Ian Skinner <[email protected]> wrote:
Unfortunately this is the nature of HTTP web applications. There is NO state maintained from HTTP request to request. This is by design in the HTTP protocol specifications.
ColdFusion provides two methods to circumvent this limitation. Each method has limitations and caveats. They both rely on the passing of tokens between the client and the server with every request. These tokens can be passed as cookies OR URL (GET) variables. You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method. If something happens to the cookies the session can be lost.
You could pass the (CFID & CFTOKEN) OR JESSIONID tokens through the URL query string with every request. This requires one to add these values to every link, form action, cflocation or other request path in our application. ColdFusion provides the session.urltoken variable to make this easier to do. The tokens will be visible to the user. Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case). Then that user will access the session of the original user.
Cookie session management is by far the most common choice by CF developers. If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications. One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server. Thus not suffer the stateless nature of the normal HTTP request-response cycle.
I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated. But I would not think it is beyond the relm of possibilities.

Session Variable? -How do I treat this

Hello,
I am writing an application that is tracking the results
arriving from various selected stations (230 of them). My
application will dynamically displays only stations for which
results have been received. I plan to have my page refresh every 5
minutes to update the results list.
Now based on results received I will update a report page, so
I need to set a variable that changes every time my query result
set changes and then I will pass this new value to the report page
for processing. I am confused about how to treat this variable.
Should I use set it as a cookie or a session variable? (but it
could change many times during the session)? TIA

Hi,
Your questions is not clear, so I'm not sure if this is what
you are looking for.
Let's forget for a moment how the data gets there, and let's
focus on the report.
You have a databases that get's constantly updated with
new/changing records. It's sounds to me like you need to timestamp
your data, and when the report page is opened, you need to
aggregate data from now()-5 minutes to now() and display them.
The refresh for the page every 5 minutes needs to be done
with javascript (window.setTimeout)
cheers,
fober

Help Needed in checking session variable

In a sample site, I am calling a bounded task flow from an unbounded task flow. In the called taskflow the default activity is a router which checks the session variable, and the home page will be loaded only if the session variable is not null. If session variable is null router will lead to a page dispalying 'session expired'. But even after clearing the session if I copy pasted the previous url, the home page is loading. But when I call bounded taskflow from a bounded taskflow, it is working fine. Can anyone suggest any solution? Thanks in advance

Thanks for the reply. I'm using jdev 11.1.1.5.0.. I'm just trying with a sample example. I have a login page and when the user logins, the user name is stored in session. the loginpage view activity is in adfc config unbounded taskflow. The login credentials is validated in a backing bean and based on the return value, if the login is valid, a bounded taskflow 'hometaskflow' is called. In this bounded taskflow, the default activity is a router wchich checks the username stored in session. If the username is not null it will lead to the 'homepage' view. Else if it is null it will lead to a 'sessionexpired' view.
In the java class of login page I'm accessing the session variable as shown
public Username getSessionBean()
Username username =
(Username)resolveExpression("#{Username}");
return username;
public static Object resolveExpression(String expression)
FacesContext facesContext = FacesContext.getCurrentInstance();
Application app = facesContext.getApplication();
ExpressionFactory elFactory = app.getExpressionFactory();
ELContext elContext = facesContext.getELContext();
ValueExpression valueExp =
elFactory.createValueExpression(elContext, expression,
Object.class);
return valueExp.getValue(elContext);
On login button click the function being executed is as shown
public String onLoginClick() {
if(String.valueOf(itUserName.getValue()).equals("admin")
&& String.valueOf(itPassword.getValue()).equals("admin"))
Username username=getSessionBean();
username.setUsername(itUserName.getValue().toString());
return "success";
else {
return "invalid";
And to set username as null on logout, I used this function on logout click
public void clearSession()
Username username=getSessionBean();
username.setUsername(null);
The EL expression used to check the value of session variable is
#{sessionScope.Username.username==null} outcome is expired
#{sessionScope.Username.username!=null} outcome is active
This worked when I used in a bounded taskflow, which is being called from another bounded taskflow. But not working in this scenario...

Session variable not passing between pages

Hi, I've got a form that calculates checkbox values and puts them in a total field called txtTotal. When the user clicks send, I need to pass the total to a payment page. The form page has PHP
session_start();
$_SESSION['sessTotal'] = $_POST['txtTotal'];
and the payment page has
session_start(); at the top of the page and <?php echo $_SESSION['sessTotal']; ?> where I want the total to display. The total does not carry over to the payment page and I can't work out why.
Here is all the PHP from the form page as I'm pretty new to PHP and not sure if there's a conflict (should session_start appear more than once?) Thanks guys
<?php require_once('Connections/df.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
$_SESSION['sessTotal'] = $_POST['txtTotal'];
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);
$logoutGoTo = "index.php";
if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
?>
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && true) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
$colname_userDets = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_userDets = $_SESSION['MM_Username'];
mysql_select_db($database_df, $df);
$query_userDets = sprintf("SELECT usersId, userName, password, name FROM users WHERE userName = %s", GetSQLValueString($colname_userDets, "text"));
$userDets = mysql_query($query_userDets, $df) or die(mysql_error());
$row_userDets = mysql_fetch_assoc($userDets);
$totalRows_userDets = mysql_num_rows($userDets);
?>

OK I got it. I needed
session_start();
$_SESSION['sessTotal'] = $_POST['txtTotal'];
on the payments page as well, not just session_start();

Use of a Session Variable in another session variable in OBIEE

Hi,
I want to use a session variable say A to calculate value of another session variable B. I am using valueof(NQ_SESSION.A) in the initialization block of variable B. But the result is coming blank. I know that the value exists. I have also set the precedence for B to run variable A first.
Am I missing something here?

vkos, it works fine for me as my first variable it's initialized when a user logins so the second variable can use its value. What you are trying to do it's not possible. It's not clear if the OP is trying to do the same thing but I will agree that if it is trying to initiliaze a session variable at runtime this is not going to work. You will either have to use presentation variables or update the session variable via GO URL or via Advanced settings in Answers. See the following posts:
http://oraclebizint.wordpress.com/2008/02/28/oracle-bi-ee-101332-updating-session-variables-through-go-url/
http://oraclebizint.wordpress.com/2008/02/25/oracle-bi-ee-101332-updating-session-variables-from-dashboards-using-presentation-variables/

Session variable type in repository

Hi,
I would like to define a session variable with type INT, where in the Admin tool that I can define it?
ex: I first created a initialization block,( select a from b where id =:USER) a is a NUMBER type in the database, but it always returns an integer, when I create a session variable to contain the return of this init block, it gives me 4.0 instead of 4. I tried to use cast (a as INT) it still gives me 4.0. How can I define the session variable as INT type?
Thanks,

Hi Meli,
one thing do you want to int type or real type value in the out put..
As you said,
it gives me 4.0 instead of 4. I so, you want decimal value then why did you cast it to int?
And at last your question again
How can I define the session variable as INT type?the example you given (with 4.1) and your question is not matching..
please give clear picture what do you want?
Anyhow, Check that particular column datatype in physical layer, is that int or some other?
if you want decimal values like in database, physical column data type must be non int.
change it.. and try

Session variable usage syntax.

OBIEE 10.1.3.4
I happen to have a session variable called CD_Testing. I know this variable is being set to the value "Test Subject Area Description" by the init block. The text exists only in the database, I am seeing this text displayed as the description of one of my subject areas. So far so good.
What is the syntax for accessing this variable within a Static Text component? I am looking at the OBI docs that say the syntax is this:
*@{NQ_SESSION.variableName}*
If I use this syntax, and replace variableName with CD_Testing, I see this displayed in my dashboard, so it clearly does not work:
*@{NQ_SESSION.CD_Testing}*
I have also tried these, all of which also display as seen here, not with the value of my CD_Testing variable:
@{CD_Testing}
@{VALUEOF(NQ_SESSION.CD_Testing)}
VALUEOF(NQ_SESSION.CD_Testing) <-- This one even matches that used in the RPD to display as SA description.
VALUEOF(CD_Testing)
So what is the correct syntax? Why doesn't this work, and how do I get it to work?

Thanks, Christian. Do you happen to know the source of that graphic?
It looks like the answer is:
@{biServer.variables\['NQ_SESSION.CD_Testing'\]}
That is very different from what I saw in the Ans.Delivers.Interact.Dashboards User Guide.

Session variables or ???

First I should say I am very much a novice at web design, so
please go easy on me! :)
I am trying to create a "confirmation page" which will
display a recap of information input by the user from an online
registration form. I created a register page using php and MySQL
(which works fine), but I can't seem to figure out how to display
the person's information on a follow up confirmation page. I want
this follow up page to only show the information input by the
single user as a summary (as opposed to showing multiple records
from the database). I thought adding session variables was the
answer, but when I followed the instructions in my manual all I get
is a blank page.
Can anyone help me figure out the easiest way to accomplish
this task? Thanks!

Remipub posted in macromedia.dreamweaver:
> Thanks so much for the reply Mark. I checked the php
website you
> provided and it sounds like the first method is the most
ideal.
> Unfortunately I wasn't quite clear on exactly how you
use the
> code. So if I may ask... my manual states that I need to
put in
> the following code at the top of the page:
>
> <?php if (!isset($_SESSION)) session_start(): >?
>
> Do I put this in as the first line on both the data
collection
> page AND the confirmation page?
Yes. On every page that you need to use session variables.
> And when using --
> $_SESSION['ID']=mysql_insert_id(); -- where do I place
this line?
You mentioned that you had a register page that is working
fine. I
assume that you have a mysql_query() with the INSERT command
in there.
Put it immediately after the mysql_query() line.
> Also, I'm assuming I need to add the auto increment
field to the
form. Can this be hidden? Would I need to place it on both
pages (and
can it be as a hidden field on both pages assuming it's even
necessary)?
You won't need it in the form at all. That's the beauty of
using
session variables.
When you want to show that user's information, use
$_SESSION['ID'] with
a MySQL SELECT to pull it from the database. Something like
the
following example[1]:
$query = "SELECT `first`,`last`,`phone` FROM `users` WHERE
`ID` =
$_SESSION['ID']";
$result = mysql_query($query) or die('yada, yada, yada');
if (mysql_numrows($result)) {
$aRow=mysql_fetch_assoc($result);
$first=htmlentities($aRow['first']);
$last=htmlentities($aRow['last']);
$phone=htmlentities($aRow['phone']);
And later, maybe in the HTML,
<p>Thank you, <?php echo $first;?></p>
[1] I'm away from my work machine, so there's a good chance
there are
syntax errors in the psuedo code. And, of course, I have no
idea what
your database looks like.
Mark A. Boyd
Keep-On-Learnin' :)

Using session variables

I use this session variable in an application.
<CFSET Session.CPActive = True>
I thought that the variable would be deleted when I close the
browser.
When I open a new browser window the Session.CPActive is
still defined and True!!??
Any comments on this?

Found the answer herre
http://livedocs.macromedia.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhelp.htm ?context=ColdFusion_Documentation&file=00001156.htm
What is a session?
A session refers to all the connections that a single client
might make to a server in the course of viewing any pages
associated with a given application. Sessions are specific to both
the individual user and the application. As a result, every user of
an application has a separate session and has access to a separate
set of session variables.
This logical view of a session begins with the first
connection to an application by a client and ends after that
client's last connection. However, because of the stateless nature
of the web, it is not always possible to define a precise point at
which a session ends. A session should end when the user finishes
using an application. In most cases, however, a web application has
no way of knowing if a user has finished or is just lingering over
a page.
Therefore, sessions always terminate after a time-out period
of inactivity. If the user does not access a page of the
application within this time-out period, ColdFusion interprets this
as the end of the session and clears any variables associated with
that session.
The default time-out for session variables is 20 minutes. You
can change the default time-out on the Memory Variables page in the
Server Settings area in the ColdFusion MX Administrator.
You can also set the time-out period for session variables
inside a specific application (thereby overruling the Administrator
default setting) by setting the Application.cfc This.sessionTimeout
variable or by using the cfapplication tag sessionTimeout
attribute. However, you cannot set a time-out value for that is
greater than the maximum session time-out value set on the
Administrator Memory Variables page.
For detailed information on ending sessions and deleting
session variables, see Ending a session.

J2EE session variables & Non Random Session IDs

Our server keeps failing our PCI compliance test due to the Session ID's being non random.
Description: Web Server Uses Non Random Session IDs Synopsis: The remote web server generates predictable session IDs. Impact: The remote web server generates a session ID for each connection. A session ID is typically used to keep track of the actions of a user while he visits a web site. The remote server generates non-random session IDs. An attacker might use this flaw to guess the session IDs of other users and therefore steal their session. See also : http://pdos.csail.mit.edu/cookies/seq_sessionid.html Data Received: Sending several requests gives us the following session IDs : CFID=896744 CFID=896745 CFID=896746 CFID=896747 CFID=896748 Resolution: Configure the remote site and CGIs so as to use random session IDs. Risk Factor: Medium/ CVSS2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N
We are using J2EE session variables which I though was the more secure option. Is there something else you have to do to guarentee that the Session ID's are non random or is this the Compliance test picking up on a false positive?
P.S. It's a recent migration to CF10, don't know if that has anything to do with it.

Personally, I use the client scope instead of the session scope so that I don't have to worry about sticky sessions. That has always worked out nicely for me.
I read that article you referenced, and it's got some interesting stuff. In particular, I have seen the client scope database tables not purge as they're supposed to. And the stuff about preparing, executing, and then unpreparing SQL statements on each request is alarming, if true.
However, I have to say that I have never, ever, ever, ever had performance issues due to client variables. Not once. Whatever performance hit my application may incur from using client variables has, to this point, been completely dwarfed by the performance of the application itself. And, c'mon, the stuff about being lazy because you don't want to spend precious engineering time worrying about something like session management (which is never going to add value to your product) rather than coding something actually useful to your end users...that seems overly harsh to me.
I completely agree that storing client vars in the Windows Registry is bananas, as is the defualt 90 day purge limit (though as of CF 9.0.whatever, the default is 1 day, 7 hours, so clearly they've made some changes since this article was written). But I'm loathe to throw away client-based management.
I think, getting back to the issue at hand, that this may be a false positive. CFID is sequential, but CFTOKEN is not; that should really be the end of the story. I'll see if McAfee will listen. (-;

Clear a session variable

Similar Messages

Maybe you are looking for