hubcat Posted July 9, 2005 Posted July 9, 2005 Ok I have a security/cookie question. If your site has SSL (on a VPS, not shared) and Prevent Spider Sessions is set to true and Spiders.txt is up to date, then I think the only way that a SID in the URL would be an issue is if someone posted or e-mailed their link somewhere. So they could essentially only cause a problem for themselves. (As long as it isn't done by a spider.) Do I understand that correctly? If that is true, then is it worth setting Force Cookie Use to False so I don't loss potential customers? Or is there another reason to Force Cookie Use? Do the majority of you force cookies? And if so, have you noticed a loss in sales because of it? Thanks a bunch! Adrienne
♥Vger Posted July 9, 2005 Posted July 9, 2005 Do I understand that correctly? Yes, that is correct. With 'Force Cookie Use set to 'true' you will undoubtedly lose some customers. Indeed with some payment processors (not PayPal) you have to send a session id to them or the transaction will fail. Vger
hubcat Posted July 9, 2005 Author Posted July 9, 2005 Thanks for the response. Hmm. Do you know if Authorize.net requires a session ID? I have been processing transactions in test mode without issue, but I have not gone into live mode yet. I am still considering turning Force Cookies to False, but I just want to be sure I am not opening up a security issue. Forever Learning, Adrienne
Recommended Posts
Archived
This topic is now archived and is closed to further replies.