Hello there. I am attempting to obtain PCI compliance for my site but the Mcafee security scan has thrown a:
Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel
Drupal (default behavior) sets a session cookie when you simply arrive at the site. This is causing the problem. Clearly, the entire site shouldn't be under SSL; plenty of other sites set session cookies like this.
What gives?