Support » Plugin: Mailchimp for WooCommerce » PCI Compliance flagged for Mailchimp plug-in

  • Hello,

    I need help trying to determine how to correct this fail “Cookie Does Not Contain The “HTTPOnly” Attribute” while trying to complete PCI Compliance on the site.
    It is with the Mailchimp cookie from
    Mailchimp for Woocommerce Version 2.4.7 . I was using the previous version when the test that was run Saturday, failed.:

    Result
    url: https://75.103.75.31/
    Payload: N/A
    matched: Date: Sat, 26 Sep 2020 00:12:06 GMT
    Server: Apache
    X-Redirect-By: WordPress
    Set-Cookie: mailchimp_landing_site=https%3A%2F%2Fciuspress.com%2F; expires=Sat, 24-Oct-2020 00:12:10 GMT; Max-Age=2419200; path=/
    Location: https://ciuspress.com/
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8


    Is this something that I can change or is this plug-in dependant?
    How can I resolve?
    Thanks

    • This topic was modified 1 month, 4 weeks ago by kingcom.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author ryanhungate

    (@ryanhungate)

    @kingcom thanks for bringing this up – we’ll take a look at a fix here shortly and report back.

    Hello Ryan
    I have heard back from my SSL plug in and they confirm that their plugin is invoking SSL for all PHP cookies. “However, we can not influence cookies placed by plugins via JavaScript. This should be managed by the plugins themselves.”
    Hopefully you can bring your plug in inline with my SSL standards so I can pass PCI compliance.
    Let me know if you have any progress or timeline.
    Thanks for your help
    Sincerely
    Terry

    Hello ryanhungate (@ryanhungate)
    I am following up if there is any news or progress on this?
    Thank you.
    Terry

    Plugin Author ryanhungate

    (@ryanhungate)

    @kingcom sorry for the delay on this. Have you tried changing the values on your php ini to show this?

    
    session.cookie_httponly = 1
    session.cookie_secure = 1
    

    We can certainly look into making this a developer setting too but for right now this would most likely do the trick for you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.