PCI compliance issue

Posted: Wed Sep 26, 2018 2:47 am
by compunerdy
This is the last issue I need to solve to be compliant again, and I am not sure where to go to fix it.

Non-Secure Session Cookies Identified
The website software running on this server appears to be setting session cookies without the Secure flag set over HTTPS connections. This means the session identifier information in these cookies would be transmitted even over unencrypted HTTP connections, which might make them susceptible to interception and tampering.

Re: PCI compliance issue

Posted: Wed Sep 26, 2018 9:59 pm
by jmestep
We are having to patch this also; some sites are reporting it from their PCI compliance scans. Here is what we did in web.config, adding the xxx="true" at the end of the tags:
<forms timeout="15" slidingExpiration="true" name="ACGOLD.ASPXAUTH" requireSSL="true"/>
<anonymousIdentification enabled="true" cookieName="ACGOLD.ASPXANONYMOUS" cookieTimeout="1440" cookieRequireSSL="true"/>
Add this right before </system.web>:
<httpCookies httpOnlyCookies="true" requireSSL="true" />

Note: Don't make the changes unless your entire site is running https
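Added example (not code from this thread or from AbleCommerce): a small Python audit that checks the same three web.config settings jmestep lists, and then checks Set-Cookie headers for the Secure and HttpOnly attributes, which is what the PCI scanner actually looks at. The web.config fragments and Set-Cookie headers below are constructed for the example; the cookie names come from the post, the cookie values are placeholders, and the placement of <forms> inside <authentication mode="Forms"> is the standard ASP.NET layout, assumed here rather than taken from the thread.

```python
# Added example (not from the forum post or AbleCommerce): audit the cookie
# settings jmestep describes, first in a web.config, then in the Set-Cookie
# headers a compliance scanner inspects. All inputs below are constructed.
import xml.etree.ElementTree as ET

# Constructed web.config fragments. <forms> sits inside
# <authentication mode="Forms">, which is where ASP.NET expects it.
WEAK_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms timeout="15" slidingExpiration="true" name="ACGOLD.ASPXAUTH"/>
    </authentication>
    <anonymousIdentification enabled="true" cookieName="ACGOLD.ASPXANONYMOUS"
                             cookieTimeout="1440"/>
  </system.web>
</configuration>"""

FIXED_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms timeout="15" slidingExpiration="true" name="ACGOLD.ASPXAUTH"
             requireSSL="true"/>
    </authentication>
    <anonymousIdentification enabled="true" cookieName="ACGOLD.ASPXANONYMOUS"
                             cookieTimeout="1440" cookieRequireSSL="true"/>
    <httpCookies httpOnlyCookies="true" requireSSL="true"/>
  </system.web>
</configuration>"""

# (path of child tags from <configuration>, attribute) pairs that must be "true".
REQUIRED = [
    (("system.web", "authentication", "forms"), "requireSSL"),
    (("system.web", "anonymousIdentification"), "cookieRequireSSL"),
    (("system.web", "httpCookies"), "requireSSL"),
    (("system.web", "httpCookies"), "httpOnlyCookies"),
]


def _descend(element, path):
    """Follow child tags one level at a time; None if any step is missing."""
    for tag in path:
        element = next((c for c in element if c.tag == tag), None)
        if element is None:
            return None
    return element


def audit_web_config(xml_text):
    """Return a list of findings; an empty list means every required flag is set."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, attr in REQUIRED:
        element = _descend(root, path)
        where = "/".join(path)
        if element is None:
            findings.append(f"{where}: element missing, so {attr} is not set")
        elif element.get(attr, "false").lower() != "true":
            findings.append(f'{where}: {attr} is not "true"')
    return findings


# Constructed Set-Cookie headers as a scanner would see them before and after
# the change (cookie values are placeholders, not real session identifiers).
SET_COOKIE_BEFORE = [
    "ACGOLD.ASPXAUTH=PLACEHOLDER; path=/; HttpOnly",
    "ACGOLD.ASPXANONYMOUS=PLACEHOLDER; expires=Fri, 26-Oct-2018 02:47:00 GMT; path=/",
]
SET_COOKIE_AFTER = [
    "ACGOLD.ASPXAUTH=PLACEHOLDER; path=/; secure; HttpOnly",
    "ACGOLD.ASPXANONYMOUS=PLACEHOLDER; expires=Fri, 26-Oct-2018 02:47:00 GMT; path=/; secure; HttpOnly",
]


def audit_set_cookie(headers):
    """Report cookies that lack the Secure or HttpOnly attribute."""
    findings = []
    for header in headers:
        name_value, *attributes = [p.strip() for p in header.split(";")]
        name = name_value.split("=", 1)[0]
        # Attribute names are case-insensitive; keep only the name part.
        flags = {a.split("=", 1)[0].lower() for a in attributes}
        if "secure" not in flags:
            findings.append(f"{name}: missing Secure")
        if "httponly" not in flags:
            findings.append(f"{name}: missing HttpOnly")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", WEAK_CONFIG), ("after", FIXED_CONFIG)):
        print(f"web.config {label}:", audit_web_config(cfg) or "OK")
    for label, hdrs in (("before", SET_COOKIE_BEFORE), ("after", SET_COOKIE_AFTER)):
        print(f"Set-Cookie {label}:", audit_set_cookie(hdrs) or "OK")
```

Running the script prints four findings for the weak config and none for the fixed one, and the header check shows the same before/after picture. The second check is the one worth repeating against the live site after deploying, because the scanner grades the headers the server sends, not the file on disk. It also shows why jmestep's note matters: once requireSSL is on, browsers will not send those cookies over plain HTTP, so any page still served over HTTP would lose the session.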

Re: PCI compliance issue

Posted: Thu Sep 27, 2018 1:27 am
by compunerdy
I know I can turn on the option to have all pages show https, but are there any issues with that still? I recall someone posting about issues with it.

Re: PCI compliance issue

Posted: Fri Oct 05, 2018 5:09 am
by AbleMods
In R10 there were a few (minor) issues. If you're on R12, you should most certainly be running all pages in HTTPS. I have every single one of my clients (that are capable) running full HTTPS. It's rock solid.

Re: PCI compliance issue

Posted: Mon Oct 08, 2018 7:31 am
by compunerdy
Thanks!! That seems to have me all fixed up.