This is second big problem I am having with ColdFusion built-in variable JSESSIONID. I am using it as a cookie to keep track of sessions.
When I run a security report, report tells me that JESSIONID is a security danger because it can be cached.
So I try to make it not be cached by adding this to make no cookies be cached:
<cfheader name="Cache-control" value="no-cache='set-cooki
But still says it is cached. How do I make it not be cached?
PS I also have similar problem cannot make JSESSIONID a HTTPOnly cookie: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup_Language/Q_24373304.html