Session Cookie (pmf_sid) PCI compliance

All about webserver configurations, PHP and databases.

Moderator: Thorsten

Post Reply
Posts: 3
Joined: Thu May 25, 2017 3:49 pm

Session Cookie (pmf_sid) PCI compliance

Post by GBC » Fri Jun 09, 2017 1:40 pm


Before I start fiddling with phpMyFAQ script I thought I ask if there has already been a developed measure in place to set 'httpOnly' agaist pmf_sid cookie, at all?
Idally, it would be interesting to see if one can set 'httpOnly' and 'Secure' all toghether.

Please note, our php.ini has already working flags (which show up on other cookies), yet these are not being picked up by pmf_sid.

I'd appreciate your thoughts on this.

Thank you

Posts: 14373
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Session Cookie (pmf_sid) PCI compliance

Post by Thorsten » Thu Jun 15, 2017 9:30 am


I tried httpOnly cookies some years ago and they worked on most user scenarios.

phpMyFAQ Maintainer and Lead Developer Wishlist

Post Reply

Who is online

Users browsing this forum: Yahoo [Bot] and 2 guests