ColdFusion manages sessions by keying on cookie values for CFID and CFTOKEN, by default. It has been found that ColdFusion will accept empty string values for either or both of these variables. If an application accidentally stored empty values to CFID and CFTOKEN, all users could share the same session data.
This update will cause ColdFusion to create a new session if CFID and/or CFTOKEN values are empty strings.
You use the ColdFusion 8 Administrator to install hot fixes. The installation process is the same for all platforms and installation choices.
The ColdFusion 8.0 hot fix JAR file does not need to be retained after installing it with the ColdFusion Administrator. The file has been copied into the correct location.
The ColdFusion 8.0 hot fix JAR file will appear as a new entry in the System Information list.
Hot fixes are installed in the cf_root\lib\updates directory. To uninstall a hot fix, delete the JAR file from the updates directory that are being replaced by the cumulative update, after stopping the ColdFusion 8 application server.
You use the ColdFusionMX 7 Administrator to install hot fixes. The installation process is the same for all platforms and installation choices.
The ColdFusionMX 7.02 hot fix JAR file does not need to be retained after installing it with the ColdFusion Administrator. The file has been copied into the correct location.
The ColdFusionMX 7.02 hot fix JAR file will appear as a new entry in the System Information list.
Hot fixes are installed in the cf_root\lib\updates directory. To uninstall a hot fix, delete the JAR file from the updates directory, after stopping the ColdFusionMX 7.02 application server.
Keywords:
kb402805
Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
