Important: I do not mean ending the session associated with the current request. I mean, given some identifier, is it possible to clear out that session?
I'd like to implement Single Sign Out. As part of that, it would be convenient if on logout, I could send a POST request to each ColdFusion app using the Single Sign In, telling them to clear out the existing Session for that record.
These are the alternative techniques I've thought of:
- Storing something in a table that corresponds to the session variable, and deleting it. Each time a page is loaded, it would have to check the table for an active record
- Creating a Server-scoped struct where the session IDs are keys. After logout, the first ColdFusion app to get the logout request would delete that key from the struct
However, to avoid adding additional layers of complexity, it would be much better if I could just remove that specific session directly. That way I know that it is gone and don't have to worry about running extra code on each request.