It's a video streaming site for members.  I can't believe my only option is
to stream video across ssl.  There must be another solution.

-RR

On Tue, Mar 6, 2012 at 7:46 AM, DURETTE, STEVEN J <[email protected]> wrote:

>
> Just out of curiosity, why can't you have the entire session running under
> SSL? Ever since Firesheep came out it is actually suggested to be all
> encrypted all the time.
>
> Steve
>
>
> -----Original Message-----
> From: Robert Rhodes [mailto:[email protected]]
> Sent: Tuesday, March 06, 2012 2:20 AM
> To: cf-talk
> Subject: Failed PCI Compliance test on CF9.01
>
>
> So a site that I built failed PCI compliance testing because the jsessionid
> cookie is not set securely.
>
> I found this post
> <http://thinkinglemur.com/index.php/2009/02/setting-secure-attribute-of-jsessionid-cookie-in-coldfusion-8/>
> that shows how to force jrun to always set the session cookies securely,
> but the user loses their session state when they move between secure and
> non-secure pages (the jsessionid is different for secure pages).  This is
> obviously a big problem, since we can't have the entire user session
> running under ssl.  Any ideas on how to get the jsessionid to be the same
> on secure and non-secure pages?  I am a little lost here.
>
> I am running cf9.01, with the app set to sessionmanagement="yes" and
> setclientcookies="no".  In the administrator, I have Cookie set as my
> default client storage mechanism, and J2EE session variables
> enabled.  I also have use UUID for cftoken enabled, but since I have
> setclientcookies set to no, I don't think that matters.
>
> *-RR*
>
>
>
>
> 
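
The behaviour described in the original post, as an added illustration that is not from the thread: a session cookie marked Secure is withheld on plain-HTTP requests, so the server starts a new session there. The host name, paths, session-id format and toy server are constructed; the cookie handling is Python's standard `http.cookiejar`.

```python
# Added illustration; host name, paths and the toy server are constructed.
import itertools
import urllib.request
from email.message import Message
from http.cookiejar import CookieJar

class FakeResponse:
    """CookieJar.extract_cookies() only needs info() returning the headers."""
    def __init__(self, set_cookie):
        self._headers = Message()
        if set_cookie:
            self._headers["Set-Cookie"] = set_cookie
    def info(self):
        return self._headers

class ToyServer:
    """Keeps sessions keyed by JSESSIONID, issuing a new one when none arrives."""
    def __init__(self, secure_cookie):
        self.secure_cookie = secure_cookie
        self.sessions = {}
        self._ids = itertools.count(1)

    def handle(self, cookie_header):
        sid = None
        for part in (cookie_header or "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == "JSESSIONID" and value in self.sessions:
                sid = value
        if sid is not None:
            return sid, None                      # existing session, no new cookie
        sid = "S%04d" % next(self._ids)           # constructed id, not a real format
        self.sessions[sid] = {}
        attrs = "; Path=/" + ("; Secure" if self.secure_cookie else "")
        return sid, "JSESSIONID=" + sid + attrs

def browse(secure_cookie, urls):
    """Return the session id the server used for each URL visited in order."""
    server, jar, seen = ToyServer(secure_cookie), CookieJar(), []
    for url in urls:
        req = urllib.request.Request(url)
        jar.add_cookie_header(req)                # client applies the Secure rule here
        sid, set_cookie = server.handle(req.get_header("Cookie"))
        jar.extract_cookies(FakeResponse(set_cookie), req)
        seen.append(sid)
    return seen

VISIT = ["https://members.example.test/login.cfm",
         "http://members.example.test/stream.cfm"]
```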

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350249