> I'm running ColdFusion in its standalone mode, does > that still use J2EE sessions
You have to go into the memory vars section of the administrator and check the box for "Use J2EE session variables". -----Original Message----- From: Robert Rawlins - Think Blue [mailto:[EMAIL PROTECTED] Sent: Monday, May 14, 2007 11:09 AM To: CF-Talk Subject: RE: Session Security Ah that's good to know, I'm running SSL. I'm guessing the J2EE sessions are pretty tidy them. I'm running ColdFusion in its standalone mode, does that still use J2EE sessions? Are there any specific application settings I should be using in my application.cfc to help keep this all buttoned down, i've never really understood the loginstorage settings and the setdomaincookie variables. Thanks, Rob -----Original Message----- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: 14 May 2007 16:02 To: CF-Talk Subject: Re: Session Security Without XSS, on a server using J2EE sessions over SSL, it's really unlikely that anyone will succeed. On 5/14/07, Claude Schneegans <[EMAIL PROTECTED]> wrote: > >>Any thoughts on where to get started with this stuff? > > Have you an example of how some one could hijack a session under CF? > > -- > _______________________________________ > REUSE CODE! Use custom tags; > See http://www.contentbox.com/claude/customtags/tagstore.cfm > (Please send any spam to this address: [EMAIL PROTECTED]) > Thanks. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278053 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
