McAfee PCI Compliance failing on Session ID cookie?

Posted by frio80 on Stack Overflow
Published on 2010-04-22T20:55:22Z Indexed on 2010/04/24 2:13 UTC

Hello there. I am attempting to obtain PCI compliance for my site, but the McAfee security scan has thrown a:

Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel

Drupal (default behavior) sets a session cookie when you simply arrive at the site. This is causing the problem. Clearly, the entire site shouldn't be under SSL; plenty of other sites set session cookies like this.

What gives?

© Stack Overflow or respective owner
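The finding quoted in the question combines three properties of a `Set-Cookie` header: the cookie looks like a session identifier, it is persistent (it carries an expiry), and it was delivered over plain HTTP. The following check is an added example, not part of the original post and not the scanner's own logic; the name heuristic, function names and sample header are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumed heuristic for "potentially sensitive"; the scanner's real rule is not on the page.
SENSITIVE_HINTS = ("sess", "sid", "auth", "token")

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def is_persistent(attrs, now):
    """True if the cookie outlives the browser session (Max-Age wins over Expires)."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) > 0   # 0 or negative deletes the cookie
        except ValueError:
            return False
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False                        # unparsable date: treated as session cookie
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when > now
    return False

def audit(header, scheme, now):
    """Report the properties the finding combines, plus the combined verdict."""
    name, attrs = parse_set_cookie(header)
    result = {
        "name": name,
        "sensitive": any(h in name.lower() for h in SENSITIVE_HINTS),
        "persistent": is_persistent(attrs, now),
        "secure_flag": "secure" in attrs,
        "plaintext": scheme == "http",
    }
    result["flagged"] = result["sensitive"] and result["persistent"] and result["plaintext"]
    return result

# Constructed sample shaped like a Drupal session cookie (SESS-prefixed name, future expiry).
NOW = datetime(2010, 4, 22, tzinfo=timezone.utc)
SAMPLE = "SESS0123456789abcdef0123456789abcdef=constructed; expires=Sat, 15 May 2010 23:28:42 GMT; path=/"
```

In this model the same cookie stops being flagged when it carries no expiry or when it is only ever set on HTTPS responses.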
