Announcement

Collapse
No announcement yet.

Full HTTPS and having issues with Session in URL still

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Full HTTPS and having issues with Session in URL still

    Hello all,

    I have followed the guide for converting to full SSL on the site so i can pass PCI compliance. I am still having an issue with the session ID still in the url when the site is scanned. I have set the session to never and cookies to https only and secure as in the document. any insights as to where i could have gone wrong?

    https://www.miva.com/blog/how-to-con...tore-to-https/

  • lifeisboost could you post a link to the site, please?
    Leslie Kirk
    Miva Certified Developer
    Miva Merchant Specialist since 1997
    Previously of Webs Your Way
    (aka Leslie Nord leslienord)

    Email me: [email protected]
    www.lesliekirk.com

    Follow me: Twitter | Facebook | FourSquare | Pinterest | Flickr

    Comment


    • I'm not aware of any PCI issues with having session ids in the URL. Usually, they are removed because of SEO reasons (valid or not).
      Bruce Golub
      Phosphor Media - "Your Success is our Business"

      Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
      phosphormedia.com

      Comment


      • The issue is the PCI scanner thinks the site is not using secure cookies because of this and fails the site. The site only allows HTTPS communication and cookies are only set on https. I would rather not post the url to the site as it is a site i am working on and this is the only issue i cannot resolve. i can send a screenshot of anything needed.

        Comment


        • What PCI scanner is doing that? It should be checking the cookie if its worried about whether they are secure or not.

          You should publish a sanitized version of your domain settings. Might be an issue with the combination of settings.
          Bruce Golub
          Phosphor Media - "Your Success is our Business"

          Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
          phosphormedia.com

          Comment


          • the pci scanner is https://www.pciapply.com unfortunatly it will not allow me to add attachments

            Comment


            • Just wondering since I know nothing about your site setup, are you using URI management fully? Did you make sure all the code on your site is not calling the sessionID but the URI management page instead? Did you do a find/replace on the site for any URI management code not loading the :secure; URI? Do you have any JavaScripts etc that call in the non-secure URI? Did you force your site to be HTTPS in your root htaccess? Tons of other what-if's here.
              Colin Puttick
              I solemnly swear that I am up to no good...

              Comment


              • You need to find all pages where you build links with session parameters, and change all templates accordingly.

                Comment

                Working...
                X

                This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

                This website uses cookies. By continuing to use this site you agree to our use of cookies. Learn More.

                Accept