[ic] PCI validation and MV_SESSION_ID
DB
db at m-and-d.com
Sun Apr 5 14:23:01 UTC 2020
> I have not tested it, but I believe you can use the SessionCookieSecure
> catalog directive -
> https://www.interchangecommerce.org/docs/confs/SessionCookieSecure.html
>
> Cheers,
> -Andrew
>
> On Sat, Apr 4, 2020 at 12:04 PM DB <db at m-and-d.com> wrote:
>
>> Hi - My PCI scan vendor is complaining that MV_SESSION_ID "Cookie Does
>> Not Contain The "secure" Attribute" and "Cookie Does Not Contain The
>> "secure" Attribute". Can these attributes be set in a catalog config
>> file? I searched the documentation but didn't find any clues. Thanks!
>>
>> DB
>> _______________________________________________
>> interchange-users mailing list
>> interchange-users at interchangecommerce.org
>> https://www.interchangecommerce.org/mailman/listinfo/interchange-users
>>
Thanks! They were also whining about HTTPOnly and the these two lines
seem to do the trick
SessionCookieSecure Yes
Pragma set_httponly=yes
DB
More information about the interchange-users
mailing list