Announcement

Collapse
No announcement yet.

Full HTTPS and having issues with Session in URL still

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AHerb
    replied
    You need to find all pages where you build links with session parameters, and change all templates accordingly.

    Leave a comment:


  • dreamingdigital
    replied
    Just wondering since I know nothing about your site setup, are you using URI management fully? Did you make sure all the code on your site is not calling the sessionID but the URI management page instead? Did you do a find/replace on the site for any URI management code not loading the :secure; URI? Do you have any JavaScripts etc that call in the non-secure URI? Did you force your site to be HTTPS in your root htaccess? Tons of other what-if's here.

    Leave a comment:


  • lifeisboost
    replied
    the pci scanner is https://www.pciapply.com unfortunatly it will not allow me to add attachments

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    What PCI scanner is doing that? It should be checking the cookie if its worried about whether they are secure or not.

    You should publish a sanitized version of your domain settings. Might be an issue with the combination of settings.

    Leave a comment:


  • lifeisboost
    replied
    The issue is the PCI scanner thinks the site is not using secure cookies because of this and fails the site. The site only allows HTTPS communication and cookies are only set on https. I would rather not post the url to the site as it is a site i am working on and this is the only issue i cannot resolve. i can send a screenshot of anything needed.

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    I'm not aware of any PCI issues with having session ids in the URL. Usually, they are removed because of SEO reasons (valid or not).

    Leave a comment:


  • lesliekirk
    replied
    lifeisboost could you post a link to the site, please?

    Leave a comment:


  • Full HTTPS and having issues with Session in URL still

    Hello all,

    I have followed the guide for converting to full SSL on the site so i can pass PCI compliance. I am still having an issue with the session ID still in the url when the site is scanned. I have set the session to never and cookies to https only and secure as in the document. any insights as to where i could have gone wrong?

    https://www.miva.com/blog/how-to-con...tore-to-https/
Working...
X