On Tue, Mar 6, 2012 at 11:55 AM, Robert Rhodes <[email protected]> wrote:
> I hear you, but there are issues preventing me from going all https. It's > a long story. > > Is there a way to copy, with some code in the application.cfm, the > jsessionid between http and https so we don't lose the session state? > You could make this work, but then you would be exactly where you currently are, and would again fail the PCI audit. I know you are looking for a "quick answer", but there isn't really a great easy option here. Many shops spend literally months getting compliant, so this code change really doesn't seem so huge in comparison, even though I know if feel like it is. You best solution, in the long term as well as the short run, is to make the code changes and just spend the time and money on it so it's right. -Cameron -- Cameron Childress -- p: 678.637.5072 im: cameroncf facebook <http://www.facebook.com/cameroncf> | twitter<http://twitter.com/cameronc> | google+ <https://profiles.google.com/u/0/117829379451708140985> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350279 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
