Re: CF11 : cflogin doesn't "stuck" after session/login timeout

What if you modify the code like this, also making it more maintainable:

Application.cfc

<cfcomponent

output="false"

hint="I define the application settings and event handlers.">

        <!--- Define the application settings. --->

        <cfset this.name = hash(getCurrentTemplatePath()) />

        <cfset this.applicationTimeout = createTimeSpan( 1, 0, 0, 0 ) />

        <cfset this.sessionTimeout = createTimeSpan( 0, 0, 20, 0 ) />

        <!--- Set up the application. --->

        <cfset THIS.SessionManagement = true />

        <cfset THIS.ClientManagement = true />

        <cfset THIS.SetClientCookies = true />

        <cfset THIS.loginStorage = "Session" />

        <cfset THIS.clientStorage = "sidys" />

        <!--- Define the request settings. --->

        <cfsetting showdebugoutput="false" />

        <cffunction

                name="OnRequestStart"

                access="public"

                returntype="boolean"

                output="true"

                hint="Fires at first part of page processing.">

                <!--- Define arguments. --->

                <cfargument

                name="TargetPage"

                type="string"

                required="true"

                />

                <cfset SetLocale("fr_FR") />

                <cfif IsDefined("Form.logout") or IsDefined("URL.logout")>

                        <cflogout />

                </cfif>

                   <cflogin idletimeout="1200"> 

                  <cfinclude template="form.inc" /> 

                   <cfif isDefined("cflogin.name") AND cflogin.name IS NOT "" AND cflogin.password IS NOT "">

                         <!--- login form submitted, with username and password filled in --->                       

                         <cfloginuser name="#cflogin.name#" Password="#cflogin.password#" roles="role">

                         <cfset Session.id=cflogin.name />

                  <cfelseif getAuthUser() IS "">

                          <!--- User not yet logged in --->

                          <cfinclude template="loginForm.cfm">

                          <cfabort>

                 </cfif>

                </cflogin>

        <cfif getAuthUser() NEQ "">

            <cfinclude template="logoutForm.cfm">

            <cfabort>

        </cfif> 

    <cfreturn true />

    </cffunction>

</cfcomponent>

loginForm.cfm

<form method="post">

<b>login :</b>

<input type="text" name="j_username" size="24" class="champ" />

<b>password :</b>

<input type="password" name="j_password" size="15" class="champ" />

<input type="submit" value="Login" class="button" name="submit" />

</form>

logoutForm.cfm

<form method="Post">

<input type="submit" Name="Logout" value="Logout">

</form>

Added edit: I removed the session lock, as I think it is unnecessary.