I’m trying to redefine the SessionID of a ColdFusion session, is this possible?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m trying to redefine the SessionID of a ColdFusion session, is this possible?
A while back I rolled my own session IDs (by turning off the session cookies in
CFAPPLICATIONand manually setting theCFIDandCFTOKENin the cookies). Sure, it was very fast, but it wasn’t always working (it worked like 99% of the time, but that’s not good enough). You can read up on the details of doing this on Adobe’s website: How to write CFID and CFTOKEN as per-session cookies.Instead, if you’re doing this to make more secure session IDs, you’re better of turning on UUID for CFTokens in CF Administrator. The generated session ID is way longer and harder to guess/calculate than the traditional session IDs.