Details

CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description

Setting the Secure attribute on an HTTP cookie instructs the web browser to send it only over a secure channel, such as a TLS connection. Issuing a cookie without the Secure attribute allows the browser to transmit it over unencrypted connections, which are susceptible to eavesdropping. It is particularly important to set the Secure attribute on any cookies containing sensitive data, such as authentication information (e.g. "remember me" style functionality).

Remediation

Set the Secure attribute for all cookies used by HTTPS sessions.
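As an added example (not part of the CWE entry), the check below parses Set-Cookie header values, reports any cookie issued over HTTPS that lacks the Secure attribute, and produces the corrected header; the header values are constructed for illustration.

```python
"""Audit Set-Cookie headers for CWE-614 and emit hardened versions.

Added example, not code from the CWE entry. Attribute names are matched
case-insensitively, as RFC 6265 requires (Secure, secure and SECURE are equal).
"""

# Constructed sample headers as a server over HTTPS might issue them.
CONSTRUCTED_HEADERS = [
    "session=abc123; Path=/; HttpOnly",                  # missing Secure
    "remember_me=tok; Path=/; Max-Age=2592000; HttpOnly",  # missing Secure
    "theme=dark; Path=/; Secure",                          # already correct
]


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attr_lower: attr_value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing or doubled semicolon
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header, https_session=True):
    """Return CWE-614 findings for one Set-Cookie header (empty list if clean)."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if https_session and "secure" not in attrs:
        findings.append(f"{name}: missing Secure attribute (CWE-614)")
    return findings


def audit_response(headers, https_session=True):
    """Audit every Set-Cookie header of one response."""
    findings = []
    for header in headers:
        findings.extend(audit_set_cookie(header, https_session))
    return findings


def harden_set_cookie(header):
    """Append the Secure attribute when absent; leave other attributes as issued."""
    _, _, attrs = parse_set_cookie(header)
    if "secure" in attrs:
        return header
    return header.rstrip().rstrip(";") + "; Secure"


if __name__ == "__main__":
    for finding in audit_response(CONSTRUCTED_HEADERS):
        print(finding)
    for header in CONSTRUCTED_HEADERS:
        print(harden_set_cookie(header))
```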

References

CWE
WASC