Client Variable Cookie CFGLOBALS Includes Session Ids
By Pete Freitag
CFTOKEN) are included in the
This means that from a security perspective you need to protect the CFGLOBALS cookie just like you would the CFTOKEN cookies by setting the HTTPOnly flag and possibly the
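One way to check a response for this, as an added example that is not part of the original post: the script below parses Set-Cookie headers and reports which of the CFID, CFTOKEN and CFGLOBALS cookies are sent without the HttpOnly flag. The function names, the `required` parameter and the sample headers are assumptions made for illustration, and the cookie values are constructed.

```python
# Added example: audit Set-Cookie headers for ColdFusion session-bearing cookies.
# SAMPLE_HEADERS is constructed for illustration, not captured from a real server.

SESSION_COOKIES = {"CFID", "CFTOKEN", "CFGLOBALS"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, set of attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    # Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value, attrs


def audit(headers, required=("httponly",)):
    """Return {cookie_name: [missing attributes]} for session-bearing cookies."""
    findings = {}
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        if name.upper() not in SESSION_COOKIES:
            continue  # not a cookie that carries the session ids
        missing = [a.lower() for a in required if a.lower() not in attrs]
        if missing:
            findings[name.upper()] = missing
    return findings


SAMPLE_HEADERS = [
    "CFID=1234; Path=/; HttpOnly",
    "CFTOKEN=56789012; Path=/; HttpOnly",
    # Constructed placeholder value, sent without HttpOnly.
    "CFGLOBALS=placeholder-value; Max-Age=86400; Path=/",
    "THEME=dark; Path=/",
]

if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Pass additional attribute names through `required` to check for other flags your policy demands on these cookies.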
Client Variable Cookie CFGLOBALS Includes Session Ids was first published on July 14, 2011.