Is it possible to expire or delete a specific session in ColdFusion, other than the one for that request?

Question

Important: I do not mean ending the session associated with the current request. I mean, given some identifier, is it possible to clear out that session?

I'd like to implement Single Sign Out. As part of that, it would be convenient if on logout, I could send a POST request to each ColdFusion app using the Single Sign In, telling them to clear out the existing Session for that record.

These are the alternative techniques I've thought of:

• Storing something in a table that corresponds to the session variable, and deleting it. Each time a page is loaded, it would have to check the table for an active record
• Creating a Server-scoped struct where the session IDs are keys. After logout, the first ColdFusion app to get the logout request would delete that key from the struct

However, to avoid adding additional layers of complexity, it would be much better if I could just remove that specific session directly. That way I know that it is gone and don't have to worry about running extra code on each request.

Answer 1

Just an idea, if you keep track of their CFID/CFTOKEN, and you cflocation yourself to a page with a particular CFID/CFTOKEN, then you can, in theory, "impersonate" that specific session and do things to that session like you were them, including logout.