Usage of default Cookie Configuration
Overview
Rule ID:
javascript_express_default_cookie_configApplicable Languages: Javascript
Weakness ID: CWE-693
Description
Using default cookie configurations can expose your application to security risks. This vulnerability occurs when cookies are set with default values, making them predictable and easier for attackers to exploit.
Remediation Guidelines
Do not rely on default cookie names.
Do use generic, non-descriptive names for session cookies. This makes it harder for attackers to identify and exploit your application's session management mechanism.
Do always specify a
maxAgeorexpiresvalue to control the cookie's lifetime.
References
Configuration
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL
PreviousUnsanitized user input in XML parsing methodNextUsage of Default Session Cookie Configuration
Last updated