Turning on "use J2EE sessions" will give you a cryptographically strong random token.
-Cameron On Fri, Mar 29, 2013 at 11:49 AM, Rick Faircloth <[email protected]>wrote: > Hi, all... Trying to get my server to pass PCI-Compliance and I was dinged > for the server(CF) using non-random session id's (CFID's). They found three > consecutive CFID'sin use. However, I noticed in the CF documentation that > CF-Tokens are random.And I opted for the long-form CF-Tokens in the > administrator. Is there a way to use random CFID's or is that what the > random CF-Tokens arefor: to provide a pair of variables, that together > satisfy randomness requirementsfor sessions? Thanks for any feedback! Rick > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355197 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
