Secure Cookies - Failed PCI scan.

Posted: June 01, 2017 at 6:44 AM Quote #188502
We have a site running on V3.6 that has failed a WorldPay PCI scan by SYSNET for not delivering secure cookies. The whole site runs on https secure URLS with a redirect from non-SLL to SSL. How do we redirect the cookies to be delivered via SSL? Thank you, James
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: June 01, 2017 at 9:37 AM Quote #188510
I have been informed it is a simple task of adding to the web.config file under <system.web>, the following <httpCookies requireSSL="true" />.
Does anyone have any knowledge if this is correct? Any help is appreciated. Many thanks.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Premium support services
  • Dedicated premium support services provided by core developers are intended for persons who run mission critical websites, work on projects with tight deadlines, or want to get dedicated support.
Professional services
  • Want to open a new store? Want to take your store to the next level? Need a custom extension? We can customize nopCommerce to fit your store perfectly. Request a quote to get started.