Adobe 38043740 - ColdFusion Standard - Mac Manual page 66

Server lockdown guide

| Setting | Default | Recommendation | Description |
|---|---|---|---|
| Maximum Timeout: Session Variables | 2 Days | Lower | Two days is generally too long for sessions to persist. Lower session timeouts reduce the window of risk of session hijacking. |
| Default Timeout: Session Variables | 20 Minutes | Lower | Twenty minutes is a good default value, but high security applications will require a lower timeout value. |
| Cookie Timeout | 1440 Minutes | -1 | By setting to -1 ColdFusion will set the session cookie as a browser session cookie, which is valid as long as the user's browser window is open. As of this writing you cannot specify a value of -1 using ColdFusion administrator, however you can set this value by editing the sessionCookieTimeout value in the neo-runtime.xml file. |
| HTTPOnly | Checked | Checked | Session cookies should always be marked as HTTPOnly to prevent JavaScript or other client-side technologies from accessing their values (on supported clients). |
| Secure | Unchecked | Checked if all sites require SSL. | A client will only transmit a secure cookie over a secured connection (e.g. SSL). |
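One way to confirm the three cookie recommendations took effect is to inspect the Set-Cookie headers the server actually sends. The script below is an added example, not part of the Adobe guide. It assumes the session cookies are named CFID and CFTOKEN, and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers against the cookie rows of the table.
# Assumption: session cookies are named CFID / CFTOKEN; adjust for your site.
SESSION_COOKIES = {"cfid", "cftoken"}

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit(headers, require_secure=True):
    """Return (cookie, problem) pairs for session cookies that miss the
    recommendations: HTTPOnly checked, Secure checked (when every site uses
    SSL), and a browser session cookie (timeout -1, so no Expires/Max-Age)."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if name.lower() not in SESSION_COOKIES:
            continue  # not a session cookie, outside the scope of this table
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
        if require_secure and "secure" not in attrs:
            findings.append((name, "missing Secure"))
        if "expires" in attrs or "max-age" in attrs:
            findings.append((name, "persistent cookie (Expires/Max-Age set)"))
    return findings

# Constructed sample headers: one weak set, one matching the recommendations.
WEAK = [
    "CFID=1234; Expires=Tue, 01-Jan-2030 00:00:00 GMT; Path=/",
    "CFTOKEN=abcdef; Expires=Tue, 01-Jan-2030 00:00:00 GMT; Path=/; HttpOnly",
    "theme=dark; Path=/",
]
HARDENED = [
    "CFID=1234; Path=/; Secure; HttpOnly",
    "CFTOKEN=abcdef; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie, problem in audit(WEAK):
        print(f"{cookie}: {problem}")
    print("hardened findings:", audit(HARDENED))
```

Pass require_secure=False when some sites are still served without SSL, matching the condition on the Secure row.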
This manual is also suitable for:

Coldfusion 10
