Cookie Without Secure Flag

Type: Passive Scan

Description

A cookie has been set without the Secure flag, which means that the browser can send the cookie over unencrypted connections.

Solution

Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
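
The check and the fix described above, as an added example in Python (not the scanner's own rule code). The function names and the sample response headers are assumptions constructed for illustration.

```python
# Added example: flag Set-Cookie headers that lack the Secure attribute.
# The response headers in SAMPLE_HEADERS are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; it is never an attribute.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise to lower case.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def cookies_missing_secure(headers):
    """Return names of cookies set without Secure, given (name, value) pairs."""
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        cookie_name, attrs = parse_set_cookie(header_value)
        if "secure" not in attrs:
            findings.append(cookie_name)
    return findings

def with_secure(header_value):
    """Return the Set-Cookie value with Secure appended if it is absent."""
    _, attrs = parse_set_cookie(header_value)
    if "secure" in attrs:
        return header_value
    return header_value.rstrip("; ") + "; Secure"

SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),         # flagged
    ("Set-Cookie", "theme=dark; Path=/; SECURE"),                 # ok, any case
    ("set-cookie", "csrf=xyz; Path=/; SameSite=Strict; secure"),  # ok
    ("Set-Cookie", "insecure_name=secure; Path=/"),               # flagged: value, not flag
]

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"Cookie without Secure flag: {name}")
    print(with_secure("SESSIONID=abc123; Path=/; HttpOnly"))
```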

Last updated: 2020-04-30 16:12:39.623Z