PCI Compliance and sessionid

Question

A recent scan of an ecommerce site I've developed and hosted
on a shared server at CrystalTech has failed a PCI compliance test
recently. It previously passed them.

The report says that sessionids are predictable and therefore
insecure. This threatens my relationship with the credit card
companies. The good folks at CrystalTech have not been helpful yet.
Is anyone familiar with this issue or have valuable thoughts?

Interestingly, Securitymetrics calls it "Allaire Coldfusion".
Man, are they out of date.

Steve Sommers · Answer

It's a faulty report. Refer them to the following URL:http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=sharedVars_06.html

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded