
What is CFToken data type?

Guest
Oct 10, 2010

Hi,

I have an application running on a shared server, and one of the variables that we log is CFToken.  We have been saving them in our database as 'integer' type.  It's been working as the CFToken is in the format of 8-digit numeric.

In the past week, however, we have been getting quite a number of sessions whose CFTokens are 50-digit alpha-numeric.  Needless to say, they have caused errors each time the system tries to save them.

I asked our host company why this is the case, but their answer is CFToken is supposed to be alpha-numeric.  However, this has not been the case for me in the past.  Even now, most of the CFTokens generated are still of the 8-digit numeric format.  Only a small number are 50-digit alpha numeric.

Can anyone shed some light?

Thanks,

Valorous Hero,
Oct 10, 2010

I believe it depends on what settings are used. The default is "an eight-digit random number". But if the "Use UUID for CFTOKEN" setting is enabled, the value becomes a hexadecimal number.

http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec0c35c-7fef.html

Guest
Oct 10, 2010

Thanks, cf_searching.  It seems that our CF is still defaulted to the 8-digit number, but occasionally we are getting the alpha-numeric version.  I'll check back with our host admin.  Thanks again.

Participant,
May 23, 2011

Hey, there is a setting in ColdFusion Admin for whether you want to use a UUID as the cftoken value or the default 8-digit numeric value.

If you do not want to use the UUID as cftoken value then uncheck the check box.

(NOTE: Make sure to clear the browser cookie and cache).

Enthusiast,
May 23, 2011

I just wanted to point out, since it has not been mentioned, that you really should be using the longer version of CFToken which contains a UUID. The integer version is very easy to guess, and therefore steal sessions. So your host did the right thing by enabling the UUID; it's much more secure. You may need to update your database schema to accommodate this change.
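
The schema change discussed in this thread, as an added example that is not part of any post above and is not Adobe's code: it stores CFTOKEN as text instead of an integer and counts how many logged sessions still carry the guessable numeric form. The table name `session_log`, the sample rows and the length bounds for the UUID form are assumptions, since the thread does not give the UUID form's exact layout.

```python
import re
import sqlite3

# Assumptions: the default form is exactly eight decimal digits, as the thread
# describes. The thread does not give the UUID form's layout, so it is treated
# as opaque hex-and-hyphen text of 32 to 64 characters.
NUMERIC_RE = re.compile(r"[0-9]{8}")
UUID_FORM_RE = re.compile(r"[0-9A-Fa-f-]{32,64}")

# Constructed sample rows (session label, logged CFTOKEN); not real tokens.
SAMPLE_UUID = "9f3c1a7b5d2e4f60-A1B2C3D4-E5F6-0718-293A4B5C6D7E8F90"
SAMPLE_ROWS = [("s1", "48213907"), ("s2", SAMPLE_UUID), ("s3", "abc123")]


def classify_cftoken(value):
    """Return 'numeric', 'uuid' or 'invalid' for a logged CFTOKEN value."""
    token = str(value).strip()
    if NUMERIC_RE.fullmatch(token):
        return "numeric"
    if UUID_FORM_RE.fullmatch(token):
        return "uuid"
    return "invalid"


def legacy_integer_value(value):
    """Mimic the old integer column: None where the save would have failed."""
    try:
        return int(str(value).strip())
    except ValueError:
        return None


def store_tokens(conn, rows):
    """Store valid tokens in a text column; return a count per format."""
    conn.execute("CREATE TABLE IF NOT EXISTS session_log "
                 "(label TEXT, cftoken TEXT NOT NULL, fmt TEXT NOT NULL)")
    counts = {"numeric": 0, "uuid": 0, "invalid": 0}
    for label, raw in rows:
        fmt = classify_cftoken(raw)
        counts[fmt] += 1
        if fmt != "invalid":  # bound parameters, never string concatenation
            conn.execute("INSERT INTO session_log VALUES (?, ?, ?)",
                         (label, str(raw).strip(), fmt))
    return counts


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(store_tokens(db, SAMPLE_ROWS))  # 'numeric' = sessions still guessable
```
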

New Here,
May 23, 2011

@Peter, Yes you are right.
