Entries Tagged as “Session Management”

Catch e-seminar on ColdFusion 10 & security enhancements

August 19, 2012 / Shilpi Khariwal

  Adobe ColdFusion 10 | ColdFusion | e-seminar | Session Management | web application security

Recording for e-seminar on ColdFusion 10 Security enhancements with Title: Securing applications with ColdFusion 10 Security Enhancements is available now. Due to bad voice quality we have re-recorded it and made it available for you. See the complete session here.

 

You can also get the slides here.


Improved Session Management in ColdFusion 10

March 12, 2012 / Shilpi Khariwal

  ColdFusion | Session Management | Zeus

In the stateless HTTP web world, Session play an important role for maintaining state. Critical user data is often saved in session. There is an id associated with this session, which distinguishes requests from one user to other. This session token, often called as JSESSIONID in J2EE world is stored at client side in cookie.

Session ids are mostly stored in cookie and we have already learnt cookies are prone to attacks. Session Hijacking, Session Fixation are some of these.

These attacks can be avoided by using proper server side measures and client side cookie handling. For  e.g. When a user logs out, the session data should be cleared.
or when user logs in, his current session data should be copied to a session with new ID.
This can avoid attacks like Session stealing, Session Fixation.

In ColdFusion 10, you have ready to use methods to do this. Read here to know about these methods.


Blue Mango Theme Design By Mark Aplet

Super Powered by Mango Blog