Gustavo_Lazarte
Oct 16, 2009 Nimbostratus
remove CFID value from header
Hello,
For a security audit, we are trying to remove the Set-Cookie CFID value from HTTP::response.
Here is the header:
HTTP/1.1·200·OK(CR)(LF)
Connection:·close(CR)(LF)
Date:·Fri,·16·Oct·2009·14:24:57·GMT(CR)(LF)
Server:·Microsoft-IIS/6.0(CR)(LF)
X-Powered-By:·ASP.NET(CR)(LF)
Set-Cookie:·CFID=132674;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·CFTOKEN=65675058;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·JSESSIONID=7430852b76ea78392959;path=/(CR)(LF)
Set-Cookie:·CFTOKEN=;expires=Thu,·16-Oct-2008·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·CFID=;expires=Thu,·16-Oct-2008·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·SERVERID=webserver09;expires=Fri,·16-Oct-2009·17:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·CFGLOBALS=urltoken%3DCFID%23%3D132674%26CFTOKEN%23%3D65675058%26jsessionid%23%3D7430852b76ea78392959%23lastvisit%3D%7Bts%20%272009%2D10%2D16%2010%3A24%3A57%27%7D%23timecreated%3D%7Bts%20%272009%2D10%2D16%2010%3A24%3A57%27%7D%23hitcount%3D2%23;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)
pragma:·no-cache(CR)(LF)
expires:·Fri,·16·Oct·2009·14:24:57·GMT(CR)(LF)
cache-control:·no-cache,·no-store,·must-revalidate(CR)(LF)
Content-Language:·en-US(CR)(LF)
Content-Type:·text/html;·charset=UTF-8(CR)(LF)
Set-Cookie:·BIGIP=150995210.20480.0000;·path=/(CR)(LF)
Let me know if you have any recommendations.
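
Added example, not part of the original post: a Python check an auditor could run over a capture in the notation above to list every Set-Cookie header that carries the CFID identifier, including URL-encoded copies inside other cookies, before and after a strip-by-name rule. The sample is abbreviated from the capture in the post; the function names and the drop_cookie model of the proxy rule are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample: lines abbreviated from the capture in the post, in the
# same notation ("·" = space, "(CR)(LF)" = line ending).
CAPTURE = (
    "HTTP/1.1·200·OK(CR)(LF)"
    "Set-Cookie:·CFID=132674;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)"
    "Set-Cookie:·CFTOKEN=65675058;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)"
    "Set-Cookie:·JSESSIONID=7430852b76ea78392959;path=/(CR)(LF)"
    "Set-Cookie:·CFID=;expires=Thu,·16-Oct-2008·14:24:57·GMT;path=/(CR)(LF)"
    "Set-Cookie:·CFGLOBALS=urltoken%3DCFID%23%3D132674%26CFTOKEN%23%3D65675058%23;"
    "expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)"
    "Content-Type:·text/html;·charset=UTF-8(CR)(LF)"
    "Set-Cookie:·BIGIP=150995210.20480.0000;·path=/(CR)(LF)"
)


def parse_set_cookies(capture):
    """Return [(name, value)] for each Set-Cookie header, in capture order."""
    text = capture.replace("·", " ").replace("(CR)(LF)", "\r\n")
    cookies = []
    for line in text.split("\r\n"):
        field, sep, rest = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name, _, value = rest.split(";", 1)[0].strip().partition("=")
            cookies.append((name.strip(), value.strip()))
    return cookies


def exposures(cookies, target="CFID"):
    """Report cookies that carry the target identifier, by name or embedded."""
    embedded = re.compile(rf"\b{re.escape(target)}\W*=\s*\w+", re.IGNORECASE)
    found = []
    for name, value in cookies:
        if name.upper() == target.upper():
            # An empty value is the server's own delete-cookie header.
            found.append((name, "direct" if value else "expiry"))
        elif embedded.search(unquote(value)):
            found.append((name, "embedded"))
    return found


def drop_cookie(cookies, target="CFID"):
    """Model a proxy rule that strips every Set-Cookie with this name."""
    return [(n, v) for n, v in cookies if n.upper() != target.upper()]


if __name__ == "__main__":
    parsed = parse_set_cookies(CAPTURE)
    print("before:", exposures(parsed))
    print("after: ", exposures(drop_cookie(parsed)))
```

In this capture the CFGLOBALS cookie still carries the CFID value after the CFID headers are dropped, so a rule keyed only on the cookie name does not remove the identifier from the response.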