Missing Secure option in cookie configuration
Rule ID: java_lang_information_leakage
Applicable Languages: Java
Weakness ID: CWE-614
A cookie created without the "Secure" attribute can be sent over unencrypted HTTP, where an unauthorized third party on the network path can read it. Enabling this attribute ensures that the browser transmits the cookie to the server exclusively over HTTPS, which protects it against eavesdropping.
Set the setSecure attribute to true so that cookies are transmitted only over HTTPS.
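The flagged pattern next to the fix, plus a servlet filter that applies the fix to every cookie the application adds. This is an added example, not code from the rule or the scanner; the class, method and cookie names are hypothetical, and it assumes the javax.servlet API is on the classpath.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

// Hypothetical names throughout; only the javax.servlet calls are real API.
public class SecureCookieExample {

    // Flagged (CWE-614): setSecure is never called, so the browser will also
    // attach this cookie to plain-HTTP requests to the same host.
    static void addSessionCookieInsecure(HttpServletResponse resp, String token) {
        Cookie cookie = new Cookie("session", token);
        resp.addCookie(cookie);
    }

    // Fixed: the Secure attribute restricts the cookie to HTTPS requests.
    static void addSessionCookie(HttpServletResponse resp, String token) {
        Cookie cookie = new Cookie("session", token);
        cookie.setSecure(true);
        resp.addCookie(cookie);
    }

    // Safety net: wraps the response so any Cookie passed to addCookie()
    // further down the chain is marked Secure, even if a handler forgot.
    // Must be registered for the application (web.xml or @WebFilter).
    public static class ForceSecureCookiesFilter implements Filter {
        @Override public void init(FilterConfig config) { }
        @Override public void destroy() { }

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse http = (HttpServletResponse) res;
            chain.doFilter(req, new HttpServletResponseWrapper(http) {
                @Override public void addCookie(Cookie cookie) {
                    cookie.setSecure(true);
                    super.addCookie(cookie);
                }
            });
        }
    }
}
```

The filter only sees cookies added through addCookie(); cookies written as raw Set-Cookie headers and the container's own session cookie are not covered by it and need the attribute set where they are configured.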
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our