Entries Tagged as “Session Management”
Adobe ColdFusion 10 | ColdFusion | e-seminar | Session Management | web application security
The recording of the e-seminar on ColdFusion 10 security enhancements, titled "Securing applications with ColdFusion 10 Security Enhancements", is now available. Because of poor voice quality, we re-recorded it and made the new recording available to you. See the complete session here.
You can also get the slides here.
ColdFusion | Session Management | Zeus
In the stateless world of HTTP, sessions play an important role in maintaining state. Critical user data is often saved in the session. An ID associated with the session distinguishes one user's requests from another's. This session token, often called JSESSIONID in the J2EE world, is stored on the client side in a cookie.
Session IDs are mostly stored in cookies, and we have already learnt that cookies are prone to attacks. Session hijacking and session fixation are some of these.
These attacks can be avoided by using proper server-side measures and client-side cookie handling. For example, when a user logs out, the session data should be cleared, and when a user logs in, their current session data should be copied to a session with a new ID.
This can prevent attacks such as session stealing and session fixation.
ColdFusion 10 provides ready-to-use methods for this. Read here to learn about these methods.
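The two server-side measures described above (a new ID on login, cleared data on logout), as an added Python sketch that is not from the original post and is not ColdFusion's API. The `SessionStore` class, its method names and the sample data are hypothetical and constructed for illustration.

```python
import secrets


class SessionStore:
    """In-memory session store (hypothetical, for illustration only)."""

    def __init__(self):
        self._sessions = {}  # session id -> dict of session data

    def create(self):
        """Issue a fresh, unpredictable session id with empty data."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        """Return data for a known id, or None. Unknown ids are never adopted."""
        return self._sessions.get(sid)

    def login(self, old_sid, user):
        """On login: copy current data to a session with a NEW id, retire the old id."""
        data = self._sessions.pop(old_sid, None) or {}
        new_sid = self.create()
        self._sessions[new_sid].update(data)
        self._sessions[new_sid]["user"] = user
        return new_sid

    def logout(self, sid):
        """On logout: clear the session data and forget the id."""
        data = self._sessions.pop(sid, None)
        if data is not None:
            data.clear()


def demo():
    store = SessionStore()
    # Constructed scenario: this pre-login id is assumed to be known to a
    # third party, which is the precondition for session fixation.
    pre_login_sid = store.create()
    store.get(pre_login_sid)["cart"] = ["item-1"]

    post_login_sid = store.login(pre_login_sid, "alice")
    fixed_id_still_valid = store.get(pre_login_sid) is not None
    data_carried_over = store.get(post_login_sid).get("cart") == ["item-1"]

    store.logout(post_login_sid)
    valid_after_logout = store.get(post_login_sid) is not None
    return fixed_id_still_valid, data_carried_over, valid_after_logout
```

`demo()` returns whether the pre-login ID still works after login, whether the session data survived the ID change, and whether the ID still works after logout.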