You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
For anyone else where this comes up on their PCI compliance edit the file {PRIVATE}>core>CORE_Session>CORE_Session.php and change:
if ($this->ssl) { $domain = $this->globals('core.cookie_domain_ssl'); $path = $this->globals('core.cookie_path_ssl'); } else { $domain = $this->globals('core.cookie_domain_nonssl'); $path = $this->globals('core.cookie_path_nonssl'); } // End of if statement. if (!(preg_match('/\/$/',$path))) {$path .= '/';} setcookie($name, $value, $expiration, $path, $domain);
to this:
if ($this->ssl) { $domain = $this->globals('core.cookie_domain_ssl'); $path = $this->globals('core.cookie_path_ssl'); $secure = 1; } else { $domain = $this->globals('core.cookie_domain_nonssl'); $path = $this->globals('core.cookie_path_nonssl'); $secure = 0; } // End of if statement. if (!(preg_match('/\/$/',$path))) {$path .= '/';} $httponly = 1; setcookie($name, $value, $expiration, $path, $domain, $secure, $httponly);
Offline