System information
Adobe documentation - Confidential
| Setting | Default | Recommendation | Description |
|---|---|---|---|
| Cookie Timeout | 1440 Minutes | -1 | By setting this to -1, ColdFusion will set the session cookie as a browser session cookie, which is valid as long as the user's browser window is open. |
| HTTPOnly | Checked | Checked | Session cookies should always be marked as HTTPOnly to prevent JavaScript or other client-side technologies from accessing their values (on supported clients). |
| Secure | Unchecked | Checked if all sites require SSL. | A client will only transmit a secure cookie over a secured connection (e.g. SSL). |
| Disable updating ColdFusion internal cookies using ColdFusion tags/functions. | Checked on Secure Profile | Checked if all sites require SSL. | You can use this feature to prevent a developer from overriding your global session cookie security settings. |
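
The cookie recommendations above can be checked from outside the Administrator by inspecting the Set-Cookie headers a site returns. The following is an added example, not part of the Adobe guide; the cookie names it looks for (CFID, CFTOKEN, JSESSIONID) and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers against the session cookie recommendations.
# Assumption: the session cookies of interest are CFID, CFTOKEN and JSESSIONID.
SESSION_COOKIES = {"CFID", "CFTOKEN", "JSESSIONID"}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit(headers, require_secure=True):
    """Return {cookie name: [findings]} for session cookies missing a recommendation."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name.upper() not in SESSION_COOKIES:
            continue  # application cookies are out of scope for this check
        issues = []
        if "httponly" not in attrs:
            issues.append("missing HttpOnly")
        # Secure is only expected when every site on the server requires SSL.
        if require_secure and "secure" not in attrs:
            issues.append("missing Secure")
        # A browser session cookie (Cookie Timeout = -1) has no Expires or Max-Age.
        if "expires" in attrs or "max-age" in attrs:
            issues.append("persistent cookie (Expires/Max-Age present)")
        if issues:
            findings[name] = issues
    return findings

# Constructed sample headers: persistent, non-Secure cookies versus the recommended settings.
DEFAULT_SAMPLE = [
    "CFID=1234; Expires=Thu, 01-Jan-2026 00:00:00 GMT; Path=/; HttpOnly",
    "CFTOKEN=abcd; Max-Age=86400; Path=/; HttpOnly",
    "theme=dark; Path=/",
]
HARDENED_SAMPLE = [
    "CFID=1234; Path=/; Secure; HttpOnly",
    "CFTOKEN=abcd; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit(sample))
```

Pass `require_secure=False` when some sites on the server are still served without SSL, matching the condition in the Secure recommendation.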
Server Settings > Mappings
Remove any mappings your applications do not require, such as /gateway.
Server Settings > Mail
| Setting | Default | Recommendation | Description |
|---|---|---|---|
| Enable SSL socket connections to mail server | Unchecked | Checked if supported | Consider enabling SSL or TLS encryption for sending mail with ColdFusion. |
| Enable TLS connection to mail server | Unchecked | Checked if supported | Consider enabling SSL or TLS encryption for sending mail with ColdFusion. |
Server Settings > WebSocket