On Sun, Mar 11, 2012 at 12:39 AM, Andrew Scott <[email protected]> wrote:
> Without knowing more on how you're doing your authentication, it would be
> hard to give an accurate answer either.

Agreed - specifically, Richard, are you doing anything unusual with your CFID/CFTOKEN tokens (or jsessionIDs)? Are you passing them in the URL anywhere? That alone can help someone hijack a session if the URL is given out as a link and contains those values. Are you using session variables or client variables?

-Cameron

--
Cameron Childress
--
p: 678.637.5072
im: cameroncf
facebook <http://www.facebook.com/cameroncf> | twitter <http://twitter.com/cameronc> | google+ <https://profiles.google.com/u/0/117829379451708140985>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350370
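Added example, not part of the original message or the poster's code: a small Python check a site owner could run over their own web server access log to find requests that carry CFID/CFTOKEN or `;jsessionid=` in the URL, and to list identifiers presented by more than one client IP. The log lines, IP addresses and function names are constructed for illustration, and the multiple-IP test is only a heuristic (NAT and mobile clients also change addresses).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (not from the original thread).
SAMPLE_LOG = '''\
203.0.113.10 - - [11/Mar/2012:09:00:01 +0000] "GET /account.cfm?CFID=1234&CFTOKEN=87654321 HTTP/1.1" 200 512 "-" "UA"
198.51.100.7 - - [11/Mar/2012:09:05:44 +0000] "GET /account.cfm?cfid=1234&cftoken=87654321 HTTP/1.1" 200 512 "http://forum.example/post/9" "UA"
203.0.113.10 - - [11/Mar/2012:09:06:02 +0000] "GET /cart.cfm;jsessionid=ABC123DEF?item=4 HTTP/1.1" 200 300 "-" "UA"
192.0.2.55 - - [11/Mar/2012:09:07:10 +0000] "GET /index.cfm?page=2 HTTP/1.1" 200 900 "-" "UA"
'''

# client IP and request target from a common/combined log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')
JSESSION_RE = re.compile(r';jsessionid=([^;?#/]+)', re.IGNORECASE)

def session_ids_in_url(target):
    """Return the session identifiers exposed in a request target."""
    parts = urlsplit(target)
    found = []
    # ColdFusion URL parameter names are case-insensitive
    params = {k.lower(): v for k, v in parse_qsl(parts.query)}
    if "cfid" in params or "cftoken" in params:
        found.append("cf:%s:%s" % (params.get("cfid", ""), params.get("cftoken", "")))
    # Java EE URL rewriting puts the id in a path parameter
    m = JSESSION_RE.search(parts.path)
    if m:
        found.append("jsessionid:" + m.group(1))
    return found

def scan(log_text):
    """Map each URL-exposed session id to the set of client IPs that sent it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, target = m.groups()
            for sid in session_ids_in_url(target):
                seen[sid].add(ip)
    return dict(seen)

def shared_sessions(seen):
    """Ids presented by more than one client IP: review as a shared link or reused session."""
    return {sid: ips for sid, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    for sid, ips in scan(SAMPLE_LOG).items():
        flag = "MULTIPLE CLIENTS" if len(ips) > 1 else "url-exposed"
        print(flag, sid, sorted(ips))
```

Any hit at all means the identifiers are reaching URLs, and therefore browser history, Referer headers and pasted links.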

