I've got a PCI compliance report that is complaining the AC7.ASPXANONYMOUS cookie is not being passed SSL and therefore fails PCI compliance.
Even more weird, the client has 3 Able 7.0.6 websites. Only 1 fails this test.
Is there a way to do force this in the web.config or something?
I've already tried this, it didn't help:
Code: Select all
<httpCookies httpOnlyCookies="true" requireSSL="true" />
I've also tried cookieRequiresSSL on the <anonymousIdentification> tag. It just crashes Able because it can't find the UserId to look up as if the cookie has disappeared entirely.
Any thoughts?