Log out and kill the session

Question

I have a login page that's working fine. Now I want to log out.

Below is a link in my header.cfm file. If the session variable is true the it shows "logout". If not, it shows "login". So I want to do just the log out.

<a id="login-link" href="login.cfm">
     <cfif session.userLoggedIn>logout <cfelse>LogIn</cfif>
</a>

Application.cfc

public boolean function onRequestStart(string targetPage)
{

    if(findNocase("login.cfm", arguments.targetPage))
    {
        return true;
    }
    else if(session.userLoggedIn)
        return true;
    else
    {
        include "login.cfm";
        return false;
    }
}

public void function onSessionStart(struct sessionObj)
{

    session.userLoggedIn = false;
}

logIn.cfm

<cfif isDefined("form.btn_login") >
    <cfset userResultResponse =  communtiyServic.getUsers(form.user,form.pwd)>
    <cfset userQry = userResultResponse.getQryData() >

        <cfif userQRY.recordCount gt 0 >
            <cfset session.userLoggedIn = true />
            <cflocation url="index.cfm" >
        <cfelse>
            <cfoutput>invaled userName or password </cfoutput>
    </cfif>



</cfif>

Answer 1

If you are using CFID and CFTOKEN for your session ident cookies (which you probably shouldn't be, but it's the default), then you should simply be able to call SessionInvalidate() in your logout() method. This will invalidate the session connection between the server and the client. I am not sure if it expires the session data on the server, but if not, it will timeout of its own accord after the timeout period. In the mean time it will be inaccessible on the client end, which for all intents and purposes does what you want.

Answer 2

Edit 500 edits later fixing verbiage here is an answer with example code...I made some changes to simplify the process and log out from any page using a url query string. There are otherways but this can be used with the OPs example.

In your onRequestStart() add some code to look for logout/redirecting to use location() to the login page.

An easy way for the OP to achieve a sign-out/redirect using his existing code would be something like this addition to the onRequestStart():

param name="url.logout" default=0; 
if (isDefined('url.logout') and url.logout) {
    if (isDefined('session')){
        /* 
        You can use structDelete(session,'whatever') 
        if you know the session.whatever you are clipping
        and you will have to loop and kill all SO 
        try the structClear() function below.

        */
        structClear(session); 
        /*
        The OP can redirect to login.cfm
        which will auto take them to the login.cfm page
        provided you tack on the ?logout=1 to the URL like this
        http://yoursite.com/somepage.cfm?logout=1
        */
        location(url="login.cfm"); 
    }
}