The website editors want a long period of login, and as the login relies on the session scope the session period is currently at 10 hours.
This is giving us poor performance on the front end. How can I best separate the two?
I have found one way to get it to work, but would like to consider alternate solutions, this will expire the session if it's not an admin user.
<cfif NOT StructKeyExists( session, "user" )>
<cfscript>
StructDelete(cookie, 'cfid');
StructDelete(cookie, 'cftoken');
session.setMaxInactiveInterval(1);
</cfscript>
The website is quite old and uses Application.cfm, I have tried adding another Application.cfm, which 'includes' the first, for the administration area with it's own but now each application gets confused over what cookie to create/use.
I have looked at resources such as
https://misterdai.wordpress.com/2010/06/15/cf-sessionstop-ending-a-cf-session/
and
http://www.bennadel.com/blog/1847-explicitly-ending-a-coldfusion-session.htm
I even considered converting to Application.cfc, but this is time critical and there is some quirky legacy code in there I don't have time to debug.
The best way is to separate the front end and admin as two different applications. Since you don't want to convert to Application.cfc (solution bellow), you can do it in your Application.cfm
<cfapplication name="ApplicationName"
sessionmanagement="Yes"
sessiontimeout="#CreateTimeSpan('0','4','0','0')#">
For Application.cfc
<cfset this.sessionManagement = true />
<cfset this.sessionTimeout = createTimeSpan( 0, 0, 5, 0 ) />