Permissive HTTP Only option in cookie configuration
Last updated
Last updated
Rule ID: java_lang_cookie_with_http_only_false
Applicable Languages: Java
Weakness ID: CWE-1004
Failing to set the HTTP Only option to true in cookie configuration exposes your application to attacks, enabling client-side scripts to access cookie values. This vulnerability can result in unauthorized access or exploits.
Set HttpOnly
to true
for cookies to prevent client-side scripts from accessing cookie values. This step is crucial for enhancing your application's security by restricting access to sensitive cookie data.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our