Mailing List Archive

PCI validation and MV_SESSION_ID
Hi - My PCI scan vendor is complaining that MV_SESSION_ID "Cookie Does
Not Contain The "secure" Attribute" and "Cookie Does Not Contain The
"secure" Attribute". Can these attributes be set in a catalog config
file? I searched the documentation but didn't find any clues. Thanks!

DB
_______________________________________________
interchange-users mailing list
interchange-users@interchangecommerce.org
https://www.interchangecommerce.org/mailman/listinfo/interchange-users
Re: PCI validation and MV_SESSION_ID
I have not tested it, but I believe you can use the SessionCookieSecure
catalog directive -
https://www.interchangecommerce.org/docs/confs/SessionCookieSecure.html

Cheers,
-Andrew

On Sat, Apr 4, 2020 at 12:04 PM DB <db@m-and-d.com> wrote:

> Hi - My PCI scan vendor is complaining that MV_SESSION_ID "Cookie Does
> Not Contain The "secure" Attribute" and "Cookie Does Not Contain The
> "secure" Attribute". Can these attributes be set in a catalog config
> file? I searched the documentation but didn't find any clues. Thanks!
>
> DB


--

403.669.8017
Re: PCI validation and MV_SESSION_ID
> I have not tested it, but I believe you can use the SessionCookieSecure
> catalog directive -
> https://www.interchangecommerce.org/docs/confs/SessionCookieSecure.html
>
> Cheers,
> -Andrew
>
> On Sat, Apr 4, 2020 at 12:04 PM DB <db at m-and-d.com> wrote:
>
>> Hi - My PCI scan vendor is complaining that MV_SESSION_ID "Cookie Does
>> Not Contain The "secure" Attribute" and "Cookie Does Not Contain The
>> "secure" Attribute". Can these attributes be set in a catalog config
>> file? I searched the documentation but didn't find any clues. Thanks!
>>
>> DB

Thanks! They were also whining about HTTPOnly and these two lines
seem to do the trick:

SessionCookieSecure Yes
Pragma set_httponly=yes


DB
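
A check for the two flags discussed in this thread, added here as an example (it is not from the list posts or from Interchange itself): it parses a raw response header block and reports which of Secure and HttpOnly are missing from MV_SESSION_ID. The function names and the sample headers, including the cookie values, are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the flags a PCI scan looks for.
REQUIRED_FLAGS = ("secure", "httponly")

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Only the attribute NAME counts, so "Path=/secure-area" is not mistaken
    # for the Secure flag the way a plain substring search would be.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def missing_flags(raw_headers, cookie_name="MV_SESSION_ID"):
    """Return one list of missing flags per Set-Cookie header that sets cookie_name.

    An empty outer list means the response did not set the cookie at all,
    which is different from the cookie being set correctly ([[]]).
    """
    results = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")  # first colon only; values may contain ':'
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name == cookie_name:
            results.append([f for f in REQUIRED_FLAGS if f not in attrs])
    return results

# Constructed sample responses (not captured from a real catalog).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: MV_SESSION_ID=Xa9constructed:192.0.2.10; path=/secure-area\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: MV_SESSION_ID=Xa9constructed:192.0.2.10; path=/; secure; HttpOnly\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        for missing in missing_flags(headers):
            status = "OK" if not missing else "missing " + ", ".join(missing)
            print(f"{label}: MV_SESSION_ID {status}")
```

Run it against the headers of a real HTTPS response from the catalog after restarting with the two directives in place.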