Adobe 38043740 Lockdown Guide - Page 66
Maximum, Timeout, Session, Variables, Default, Cookie, Secure, sessionCookieTimeout, neo-runtime.xml
 |
UPC - 883919135168
View all Adobe 38043740 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 66 highlights
Setting Maximum Timeout: Session Variables Default Timeout: Session Variables Cookie Timeout Default 2 Days 20 Minutes 1440 Minutes HTTPOnly Checked Secure Unchecked Recommendation Description Lower Two days is generally too long for sessions to persist. Lower session timeouts reduce the window of risk of session hijacking. Lower Twenty minutes is a good default value, but high security applications will require a lower timeout value. -1 By setting to -1 ColdFusion will set the session cookie as a browser session cookie, which is valid as long as the users browser window is open. As of this writing you cannot specify a value of -1 using ColdFusion administrator, however you can set this value by editing the sessionCookieTimeout value in the neo-runtime.xml file. Checked Session cookies should always be marked as HTTPOnly to prevent JavaScript or other client side technologies from accessing their values (on supported clients). Checked if all sites A client will only transmit a secure require SSL. cookie over a secured connection (eg SSL). 66
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61 -
62 -
63 -
64 -
65 -
66 -
67 -
68 -
69 -
70 -
71 -
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
 |
 |
