From c03bbb2279e2b8147cdc6e81813ff9e2c3212574 Mon Sep 17 00:00:00 2001 From: michaeloffner Date: Wed, 19 Feb 2025 16:55:30 +0100 Subject: [PATCH] improve session handling recipe --- docs/recipes/session-handling.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/recipes/session-handling.md b/docs/recipes/session-handling.md index 94d87aa82..4f5e80797 100644 --- a/docs/recipes/session-handling.md +++ b/docs/recipes/session-handling.md @@ -192,9 +192,13 @@ Since Lucee 6.1, Lucee only accepts the key in the URL in case it has active ses So in case you are using a storage (not "memory"), this is only up to a minute. Since Lucee 6.1 you can completely block the use of CFID in the url by setting the following system property -``` -Dlucee.read.cfid.from.url=false``` +```properties + -Dlucee.read.cfid.from.url=false +``` or environment variable -``` LUCEE_READ_CFID_FROM_URL=false``` +```bash + LUCEE_READ_CFID_FROM_URL=false +``` ## Best Practices