Entries Tagged as “Session Management”
ColdFusion 11 installers refreshed: fixes for server failing to start after enabling J2EE session variables and for installation on Japanese OS
Administrator | Adobe ColdFusion | Adobe ColdFusion 11 | Announcements | Application Server | ColdFusion | Docs | General | Hotfix | Session Management | Updates
During the first week of December 2014, we released full installers for ColdFusion 11 with update 3 built in. The build number was 11,0,3,292480.
There were two issues with the build that was released (full installers only).
1) After enabling J2EE session variables, the server hangs on restart/start.
2) On Japanese OSes, the installer doesn't recognize the Japanese locale.
If you applied update 3 through the hotfix, these two issues won't arise for you. Also, #1 is not applicable to J2EE deployments done as EAR or WAR.
These two issues are fixed, and we have refreshed the full installers this week. The build number is 11,0,3,292866.
If you have come across #1, you can either download and use the new installer or apply the workaround on your existing server.
The workaround is:
Open the XML file C:\ColdFusion11\cfusion\runtime\conf\context.xml (adjust the path to match your installation)
and uncomment the tag <Manager pathname="" /> by removing the XML comment markers (<!-- and -->) around it, so that the active element reads:
<Manager pathname="" />
If you have come across #2, you have to download and install the refreshed installer.
Adobe ColdFusion 10 | ColdFusion | e-seminar | Session Management | web application security
The recording of the e-seminar on ColdFusion 10 security enhancements, titled "Securing applications with ColdFusion 10 Security Enhancements", is available now. Due to bad voice quality, we re-recorded it and made it available for you. See the complete session here.
You can also get the slides here.
ColdFusion | Session Management | Zeus
In the stateless HTTP world, sessions play an important role in maintaining state. Critical user data is often saved in the session. Each session has an ID associated with it, which distinguishes one user's requests from another's. This session token, often called JSESSIONID in the J2EE world, is stored on the client side in a cookie.
Session IDs are mostly stored in cookies, and we have already learnt that cookies are prone to attacks. Session hijacking and session fixation are some of these.
These attacks can be avoided by using proper server-side measures and client-side cookie handling. For example, when a user logs out, the session data should be cleared, and when a user logs in, the current session data should be copied to a session with a new ID.
This can avoid attacks like session stealing and session fixation.
In ColdFusion 10, you have ready-to-use methods to do this. Read here to know about these methods.
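The two server-side measures described above (copy the session data to a new ID at login, clear it at logout), shown as an added example that is not part of the original post and is not ColdFusion's implementation. It is a language-neutral Python model; the `SessionStore` class, the `login` and `demo` functions, and the sample user and cart values are all constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session store (illustrative model)."""

    def __init__(self):
        self._sessions = {}  # session id -> dict of session data

    def create(self):
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated id
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        # Unknown or invalidated ids yield None; the server never adopts
        # an id it did not issue itself.
        return self._sessions.get(sid)

    def rotate(self, old_sid):
        """Copy the session data to a fresh id and invalidate the old one."""
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def invalidate(self, sid):
        """Clear the session data on logout."""
        self._sessions.pop(sid, None)


def login(store, sid, username, password_ok):
    """Rotate the id at the moment of authentication."""
    if not password_ok or store.get(sid) is None:
        return None
    new_sid = store.rotate(sid)
    store.get(new_sid)["user"] = username
    return new_sid  # sent back to the client in a new session cookie


def demo():
    store = SessionStore()
    pre_login = store.create()           # id issued before authentication
    store.get(pre_login)["cart"] = ["item-1"]  # constructed sample data
    post_login = login(store, pre_login, "alice", True)  # constructed user
    old_is_dead = store.get(pre_login) is None
    kept_data = store.get(post_login)
    store.invalidate(post_login)         # logout
    after_logout = store.get(post_login)
    return old_is_dead, kept_data, after_logout
```

Because the pre-login ID is dropped at authentication, an ID that was known or planted before login never refers to the authenticated session.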