Pete Freitag
Blog
Consulting
Products
Contact Me
July 14, 2011
Client Variable Cookie CFGLOBALS Includes Session Ids
I was recently conducting a CFML security review for a client and realized that when you have client variables set to use Cookies, the session ID's (eg CFIDE and CFTOKEN) are included in the CFGLOBALS cookie.
Permalink
|
Post Comment
|
ColdFusion
This entry was:
Useful
Very Useful
Not Useful
Follow @pfreitag
Archives:
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002