In Application.cfm I have (this is ony securing on folder, not the main root directory)
and some "isDefined(session.auth.isloggedin)" security steups (based on Ben Forta's Book).
<cfapplication name="XYZOFFICE" sessionmanagement="yes">
This works great, but I want to add a logout page that would clear the session variables....
in the book it says to add a logout page with:
<CFAPPLICATION name="XYZFFICE" sessionmanagement="yes" sessiontimeout="#createtimespan(0,0,0,0)#">
<cflocation url="../XYZOFFICETEST.cfm"> <---take out of secured section--->
After I log out...and go back into secured section...it bypasses and pulls up the session variables, meaning it didn't clear them. Anythoughts?
Thanks in advance.