>> Does your response to Requirement #8 address the Predictable Cookie
>> Session ID vulnerability I have seen associated with cartID sessions?
Michael Evangelista
Cartweaver ColdFusion Lead Developer
--
ColdFusion Reseller Hosting
http://www.GoWestHosting.com
>> Session ID vulnerability I have seen associated with cartID sessions?
For the ColdFusion version, this is generally something that needs to be managed by the host, with the ColdFusion server admin session options.
Michael Evangelista
Cartweaver ColdFusion Lead Developer
--
ColdFusion Reseller Hosting
http://www.GoWestHosting.com