July 14, 2011

Client Variable Cookie CFGLOBALS Includes Session Ids

coldfusion I was recently conducting a CFML security review for a client and realized that when you have client variables set to use Cookies, the session ID's (eg CFIDE and CFTOKEN) are included in the CFGLOBALS cookie.
| Post Comment | ColdFusion


This entry was:

foundeo


did you hack my cf?



Archives:
2018 2017 2016 2015

2014 2013 2012 2011

2010 2009 2008 2007

2006 2005 2004 2003

2002