How do you set Cf_client_* cookies to secure?

Is there a way to set CF_CLIENT_* cookies the application creates to secure?

I just spent a GREAT deal of time on this a few weeks ago:

See here:

https://dev.lucee.org/t/pci-compliance-non-secure-session-cookies-identified/8452/29

2 Likes

are you using Application.cfc or <cfapplication>? are you setting this.sessioncookie.secure=true ?

1 Like

this.sessioncookie.secure=true - this may be the answer. Thanks. I will try this. Iā€™m setting CFID and CFTOKEN as secure through the cfcookie tag.

Cf_client_* cookies are new to me.