Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

Re: ColdFusion - CFID & CFTOKEN
From: ron thigpen <ron () fuzzsonic com>
Date: Wed, 11 May 2005 11:47:09 -0400
Jason binger wrote:

I am currently doing some work with CF MX 6.1 and was
wondering if anyone had some information on the
strength of the CF cookie implementation.
Since CFMX it has been an option to use J2EE session management. In this case, the session would be indentified by the J2EE jsessionid.
The CFID/CFTOKEN method is still available for backwards compatibility, but may be disabled via a server setting. 

from:
<http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/shared10.htm>

<quote>
You can configure ColdFusion MX to use J2EE servlet session management instead of ColdFusion session management for session variables. This method of session management does not use CFID and CFToken values, but does use a client-side jsessionid session management cookie. For more information on using J2EE session management, see ColdFusion and J2EE session management. 
</quote>

more here:
<http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_18232>

--rt

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]