Session Cookie (pmf_sid) PCI compliance
Posted: Fri Jun 09, 2017 1:40 pm
Hi,
Before I start fiddling with phpMyFAQ script I thought I ask if there has already been a developed measure in place to set 'httpOnly' agaist pmf_sid cookie, at all?
Idally, it would be interesting to see if one can set 'httpOnly' and 'Secure' all toghether.
Please note, our php.ini has already working flags (which show up on other cookies), yet these are not being picked up by pmf_sid.
I'd appreciate your thoughts on this.
Thank you
Before I start fiddling with phpMyFAQ script I thought I ask if there has already been a developed measure in place to set 'httpOnly' agaist pmf_sid cookie, at all?
Idally, it would be interesting to see if one can set 'httpOnly' and 'Secure' all toghether.
Please note, our php.ini has already working flags (which show up on other cookies), yet these are not being picked up by pmf_sid.
I'd appreciate your thoughts on this.
Thank you