> It's a video streaming site for members. I can't believe my only > option is to stream video across ssl. There must be another > solution.
There is: take the main site out of scope for compliance. The only parts of a system that have to be PCI compliant are the ones that handle credit card information, usually an online store or subscription system. There is no technical reason I can think of that would require your billing system and video streaming servers to share infrastructure. Separating the billing system out on to its own infrastructure means the rest of the system goes out of scope and then you can do whatever you want with your cookies on the main part of the site. Keep the billing system isolated and your headaches will be greatly reduced. -Justin Sco ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350252 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm