Note that concurrent login sessions are enabled by default. When the secure profile is enabled, concurrent login is disabled.
Changes in Administrator API
The Administrator API CFC, security.cfc, has also been updated with the following new APIs:
- isAllowCuncurrentAdminLogin – Find out if concurrent login sessions are allowed
- setAllowConcurrentAdminLogin – Enable/Disable concurrent login sessions
You can use these APIs to enable or disable concurrent login sessions programmatically. The CFC for this Administrator API is located at cf_web_root/CFIDE/adminapi/security.cfc.
Note: When the secure profile is enabled on the server, the ColdFusion Administrator runs in a single-login-session-per-username mode (concurrent mode disabled).
Support for PBKDF2 key derivation
Enabling Secure Profile
With ColdFusion 10 and above, you can use Secure Profile to configure selected settings. Secure Profile can be enabled during installation. You can also provide a list of IP addresses that will be allowed to access the Administrator console. In ColdFusion 11, the secure profile configuration facility is extended to the Administrator console to support post-installation configuration.
To do this, from the ColdFusion Administrator console, select Security > Secure Profile (displayed below) and select the Enable Secure Profile check box to use ColdFusion’s recommended default secure profile settings.
Administrator settings affected by enabling Secure Profile
A table is displayed that shows the current settings, the secure default settings, and the values at the time you enabled the secure profile.
Select or clear this check box to switch between Secure and Normal modes, respectively.