Client Variable Cookie CFGLOBALS Includes Session Ids

coldfusion I was recently conducting a CFML security review for a client and realized that when you have client variables set to use Cookies, the session ID's (eg CFIDE and CFTOKEN) are included in the CFGLOBALS cookie.


This entry was:

foundeo


did you hack my cf?