Dennisra Posted March 6, 2008 Share Posted March 6, 2008 PCI certification requires the the cookie be secure. How is the easiest way to set every cookie as secure in osCommerce? Even prior to login. Link to comment Share on other sites More sharing options...
germ Posted March 6, 2008 Share Posted March 6, 2008 Look in your PHP code for all occurrence of "setcookie", as in /catalog/includes/general.php function tep_setcookie($name, $value = '', $expire = 0, $path = '/', $domain = '', $secure = 0) { setcookie($name, $value, $expire, $path, (tep_not_null($domain) ? $domain : ''), $secure); } Do you suppose it would be as simple as changing: $secure = 0 to: $secure = 1 :unsure: That is actually a PHP function. You can look up here: PHP - setcookie There are other instances of "setcookie" in osC code than the one I posted. You'd have to be sure to find and change them all. I can find it in sessions.php, application_top.php, and general.php in my code. I can't say that that is your "all in one solution" because I'm not sure of the actual definition of a "secure cookie". :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Dennisra Posted March 7, 2008 Author Share Posted March 7, 2008 I'll give your suggestions a try. Thanks for the help! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.