Cookies should not have a long expiration


Metadata

ID: java-security/cookies-persistence

Language: Java

Severity: Warning

Category: Security

CWE: 539

Description

Cookies should not persist for too long. If the computer that stores the cookie is attacked or breached, a long-lived cookie can lead to account compromise.

Cookies should not be stored for too long and should not be used to store sensitive data (such as personally identifiable information).


Non-Compliant Code Examples

import javax.servlet.http.Cookie;

class NotCompliant {
    public void setCookie(String field, String value) {
        // Use the caller-supplied cookie name
        Cookie cookie = new Cookie(field, value);

        // Cookie persists for 30 days (2,592,000 seconds)
        cookie.setMaxAge(2592000);
    }
}

Compliant Code Examples

import javax.servlet.http.Cookie;

class Compliant {
    public void setCookie(String field, String value) {
        // Use the caller-supplied cookie name
        Cookie cookie = new Cookie(field, value);

        // Cookie persists for 2.5 days (216,000 seconds)
        cookie.setMaxAge(216000);
    }
}
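
An added example, not part of the rule's own code: a JDK-only audit that parses `Set-Cookie` headers with `java.net.HttpCookie` and reports cookies that persist longer than a policy ceiling. The 7-day ceiling, the class name and the sample headers are assumptions for illustration; this page does not state the rule's threshold.

```java
import java.net.HttpCookie;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;

public class CookieLifetimeAudit {
    // Assumed policy ceiling for this example; not a value taken from the rule.
    static final Duration MAX_LIFETIME = Duration.ofDays(7);

    /** Returns one finding per cookie whose lifetime exceeds MAX_LIFETIME. */
    static List<String> audit(List<String> setCookieHeaders) {
        List<String> findings = new ArrayList<>();
        long limit = MAX_LIFETIME.getSeconds();
        for (String header : setCookieHeaders) {
            List<HttpCookie> parsed;
            try {
                // Accepts the header with or without the "Set-Cookie:" prefix.
                parsed = HttpCookie.parse(header);
            } catch (IllegalArgumentException e) {
                // Malformed header or non-numeric Max-Age: report it, do not skip it silently.
                findings.add("unparseable header: " + header);
                continue;
            }
            for (HttpCookie c : parsed) {
                // Seconds; -1 means no Max-Age/Expires, i.e. a session cookie.
                long maxAge = c.getMaxAge();
                if (maxAge > limit) {
                    findings.add(String.format("%s: persists %d s (%.1f days), limit %d s",
                            c.getName(), maxAge, maxAge / 86400.0, limit));
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample headers; the two Max-Age values are the ones used on this page.
        List<String> headers = List.of(
                "Set-Cookie: field=a; Max-Age=2592000; Path=/; Secure; HttpOnly",
                "Set-Cookie: field=b; Max-Age=216000; Path=/; Secure; HttpOnly",
                "Set-Cookie: sid=c; Path=/; Secure; HttpOnly");
        audit(headers).forEach(System.out::println);
    }
}
```

Only the first header is reported: the second is under the assumed ceiling, and the third carries no lifetime attribute, so it lasts only for the browser session.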