Thanks for your help with these issues. Im caught up with this secure cookie issue. It seems like these PCI Compliance scanners dont really believe that these things are problems, but there software identified something and they need to justify signing off on it. This is a message from the scan tech...
"Sorry, we will need a response that addresses this vulnerability in order to provide an exception. You will need to either add the secure flag or provide a statement that there is no sensitive data in the cookie."
Can someone please give me an answer that I could give that explains that there is no sensitive date in the cookie or directions on how to add the secure flag? (I realize I could just write the statement, "there is no sensitive date in the cookie", I just figure if it includes some kind of technical explanation they will be quick to accept it. I just really need to stop spending time on this.)
thanks for any help.
Bookmarks