Is there a way to set CF_CLIENT_* cookies the application creates to secure?
I just spent a GREAT deal of time on this a few weeks ago:
See here:
https://lucee.daemonite.io/t/pci-compliance-non-secure-session-cookies-identified/8452/29
2 Likes
Are you using Application.cfc or <cfapplication>? Are you setting this.sessioncookie.secure=true?
1 Like
this.sessioncookie.secure=true - this may be the answer. Thanks. I will try this. I'm setting CFID and CFTOKEN as secure through the cfcookie tag.
Cf_client_* cookies are new to me.