July 14, 2011

Client Variable Cookie CFGLOBALS Includes Session Ids

coldfusion I was recently conducting a CFML security review for a client and realized that when you have client variables set to use Cookies, the session ID's (eg CFIDE and CFTOKEN) are included in the CFGLOBALS cookie.
| Post Comment | ColdFusion


This entry was:

foundeo


did you hack my cf?



Archives:
2019 2018 2017 2016

2015 2014 2013 2012

2011 2010 2009 2008

2007 2006 2005 2004

2003 2002