System information
Adobe documentation - Confidential
| Setting | Default | Recommendation | Description |
|---|---|---|---|
| Default Storage Mechanism for Client Sessions | Cookie | None / Cookie | If applications have client management enabled a large amount of data can accumulate on the server. This can lead to a storage failure if disks become full. Because the registry is typically located on the system partition it is not recommended to use the Registry. |
Server Settings > Memory Variables
| Setting | Default | Recommendation | Description |
|---|---|---|---|
| Use J2EE session variables | Unchecked | Checked if J2EE interoperability required. | When checked, ColdFusion will use the session management of the underlying JEE container (e.g. Tomcat) instead of its own CFID/CFTOKEN. When J2EE sessions are enabled, certain features such as application-specific session cookie settings (this.sessionCookie in Application.cfc) do not apply. The functions SessionRotate and SessionInvalidate do operate on J2EE sessions. |
| Enable Session Variables | Checked | Unchecked only if not using sessions | Most applications require session variables, but if none of the applications on the server require them, uncheck this box. |
| Maximum Timeout: Session Variables | 2 Days | Lower | Two days is generally too long for sessions to persist. Lower session timeouts reduce the window of risk of session hijacking. |
| Default Timeout: Session Variables | 20 Minutes | Lower | Twenty minutes is a good default value, but high-security applications will require a lower timeout value. |
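
The server-wide settings above have per-application counterparts in Application.cfc. The following is an added example, not taken from the Adobe guide; the application name, the 15-minute timeout, and the `onLoginSuccess` / `onLogout` helper names are assumptions chosen for illustration.

```cfml
// Application.cfc -- added example; names and timeout values are assumptions
component {
    this.name = "exampleApp";                // hypothetical application name

    // Client management stays off, so no client-variable data
    // accumulates in server-side storage.
    this.clientManagement = false;

    // Session variables on, with a timeout below the 20-minute server default.
    // The administrator's Maximum Timeout caps whatever is requested here.
    this.sessionManagement = true;
    this.sessionTimeout = createTimeSpan(0, 0, 15, 0);   // 15 minutes (assumed value)

    // Applies to CFID/CFTOKEN sessions only; these settings do not apply
    // when "Use J2EE session variables" is checked.
    this.sessionCookie.httpOnly = true;
    this.sessionCookie.secure = true;        // assumes the site is served over HTTPS

    // Hypothetical helper, called by the application's own login code
    // after credentials have been verified.
    public void function onLoginSuccess(required string userId) {
        sessionRotate();                     // new session identifier at authentication
        session.userId = arguments.userId;
    }

    // Hypothetical helper for an explicit logout.
    public void function onLogout() {
        sessionInvalidate();                 // end the session without waiting for the timeout
    }
}
```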