make JSESSIONID in ColdFusion not able to be cached

Posted on 2009-05-01
Medium Priority
Last Modified: 2013-12-24
This is the second big problem I am having with the ColdFusion built-in variable JSESSIONID. I am using it as a cookie to keep track of sessions.

When I run a security report, the report tells me that JSESSIONID is a security danger because it can be cached.

So I try to make it not be cached by adding this to make no cookies be cached:

<cfheader name="Cache-control" value="no-cache='set-cookie'">

But it still says it is cached. How do I make it not be cached?

Thank you!

PS: I also have a similar problem, I cannot make JSESSIONID an HTTPOnly cookie: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup_Language/Q_24373304.html
Question by: adnank
1 Comment

Accepted Solution

vonRogue earned 1500 total points
ID: 24351265
By stating that JSESSIONID is giving you some trouble, I'm assuming you've set up CF to use J2EE sessions... which is a good thing.

These cookies should definitely be erased when the browser is closed. Are you experiencing something to the contrary? In other words, after closing a browser and then reopening it, is your JSESSIONID cookie still there?

What security report are you running?
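A way to check a response for the condition the question describes, added here as an example and not part of either post: it parses Cache-Control and reports whether any directive covers a Set-Cookie header. HTTP quoted-strings use double quotes, so the single-quoted value from the question is read as naming a field called `'set-cookie'`, not Set-Cookie. The function names, the sample cookie value and the rule set are assumptions; the page does not say what the asker's scanner checks.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: raw argument or None}."""
    directives, buf, in_quotes = {}, [], False
    for ch in value + ",":
        if ch == '"':
            in_quotes = not in_quotes          # commas inside "..." are data
        if ch == "," and not in_quotes:
            item, buf = "".join(buf).strip(), []
            if item:
                name, _, arg = item.partition("=")
                directives[name.strip().lower()] = arg.strip() or None
        else:
            buf.append(ch)
    return directives

def named_fields(arg):
    """Header names listed in a no-cache= or private= argument."""
    if len(arg) >= 2 and arg[0] == arg[-1] == '"':
        arg = arg[1:-1]                        # strip an HTTP quoted-string
    return {f.strip().lower() for f in arg.split(",") if f.strip()}

def cookie_cacheable(headers):
    """headers: list of (name, value). Return (flagged, reason)."""
    if not any(n.lower() == "set-cookie" for n, _ in headers):
        return False, "response sets no cookie"
    cc = {}
    for name, value in headers:
        if name.lower() == "cache-control":
            cc.update(parse_cache_control(value))
    if "no-store" in cc:
        return False, "no-store"
    for directive in ("no-cache", "private"):
        if directive in cc:
            arg = cc[directive]
            if arg is None or "set-cookie" in named_fields(arg):
                return False, directive
    return True, "no directive covers Set-Cookie"

# Constructed sample responses; the cookie value is a placeholder.
COOKIE = ("Set-Cookie", "JSESSIONID=CONSTRUCTED0001; Path=/")
SAMPLES = {
    "header from the question": [COOKIE, ("Cache-control", "no-cache='set-cookie'")],
    "double-quoted field name": [COOKIE, ("Cache-Control", 'no-cache="Set-Cookie"')],
    "no-store": [COOKIE, ("Cache-Control", "no-cache, no-store, must-revalidate")],
    "no Cache-Control at all": [COOKIE],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label}: {cookie_cacheable(headers)}")
```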


Question has a verified solution.
