Mcafee PCI Compliance failing on Session ID cookie?
Posted
by frio80
on Stack Overflow
See other posts from Stack Overflow
or by frio80
Published on 2010-04-22T20:55:22Z
Indexed on
2010/04/24
2:13 UTC
Read the original article
Hit count: 287
Hello there. I am attempting to obtain PCI compliance for my site but the Mcafee security scan has thrown a:
Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel
Drupal (default behavior) sets a session cookie when you simply arrive at the site. This is causing the problem. Clearly, the entire site shouldn't be under SSL; plenty of other sites set session cookies like this.
What gives?
© Stack Overflow or respective owner