Safer CFTOKEN Values

ColdFusion uses CFID and CFTOKEN to uniquely identify sessions, CFID is an incremental number and CFTOKEN is a random number (the combination of which make a unique session). CFTOKEN values may not be unique (CFID always will be) – but for added safety you can make CFTOKEN unique too by checking the “Use UUID for cftoken” in the ColdFusion Administrator Settings page. (Applies to: ColdFusion MX)

Leave a Reply