Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Metadata
ID:java-security/cookies-persistence
Language: Java
Severity: Warning
Category: Security
Description
Cookie should not persist for too long. If the computer that stores the cookie is attacked or breached, this can lead to a potential account compromise.
Cookies should not be stored too long and should not be used to store sensitive data (such as personal identifiable information).
classNotCompliant{publicvoidsetCookie(Stringfield,Stringvalue){Cookiecookie=newCookie("field",value);// Set Cookie for a year
cookie.setMaxAge(2592000);}}
Compliant Code Examples
classCompliant{publicvoidsetCookie(Stringfield,Stringvalue){Cookiecookie=newCookie("field",value);// Set Cookie for a month
cookie.setMaxAge(216000);}}
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- java-security # Rules to enforce Java security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines
