Dennisra Posted March 6, 2008 Posted March 6, 2008 PCI certification requires the the cookie be secure. How is the easiest way to set every cookie as secure in osCommerce? Even prior to login.
germ Posted March 6, 2008 Posted March 6, 2008 Look in your PHP code for all occurrence of "setcookie", as in /catalog/includes/general.php function tep_setcookie($name, $value = '', $expire = 0, $path = '/', $domain = '', $secure = 0) { setcookie($name, $value, $expire, $path, (tep_not_null($domain) ? $domain : ''), $secure); } Do you suppose it would be as simple as changing: $secure = 0 to: $secure = 1 :unsure: That is actually a PHP function. You can look up here: PHP - setcookie There are other instances of "setcookie" in osC code than the one I posted. You'd have to be sure to find and change them all. I can find it in sessions.php, application_top.php, and general.php in my code. I can't say that that is your "all in one solution" because I'm not sure of the actual definition of a "secure cookie". :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Dennisra Posted March 7, 2008 Author Posted March 7, 2008 I'll give your suggestions a try. Thanks for the help!
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.