Cookies should not have a long expiration

Metadata

ID: java-security/cookies-persistence

Language: Java

Severity: Warning

Category: Security

CWE: 539

Description

A cookie should not persist for too long. If the computer that stores the cookie is attacked or breached, a long-lived cookie can lead to account compromise.

Cookies should not be stored for too long and should not be used to store sensitive data (such as personally identifiable information).

Learn More

Non-Compliant Code Examples

import javax.servlet.http.Cookie;

class NotCompliant {
    public void setCookie(String field, String value) {
        Cookie cookie = new Cookie(field, value);

        // Max-Age is in seconds: 2592000 s = 30 days, too long-lived
        cookie.setMaxAge(2592000);
    }
}

Compliant Code Examples

import javax.servlet.http.Cookie;

class Compliant {
    public void setCookie(String field, String value) {
        Cookie cookie = new Cookie(field, value);

        // Max-Age is in seconds: 216000 s = 60 hours (2.5 days)
        cookie.setMaxAge(216000);
    }
}
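
One way to enforce the same limit centrally instead of at every call site, as an added example that is not part of the rule or of Datadog's code. The class names and the cap value (reused from the compliant example) are assumptions, and the javax.servlet API is assumed (jakarta.servlet on newer containers).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

// Hypothetical filter: caps the lifetime of every cookie that application
// code adds through HttpServletResponse.addCookie().
public class CookieLifetimeFilter implements Filter {
    // Assumed policy limit in seconds, taken from the compliant example (60 hours).
    static final int MAX_AGE_SECONDS = 216000;

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Wrap HTTP responses so downstream servlets see the capping addCookie().
        if (res instanceof HttpServletResponse) {
            res = new CappedResponse((HttpServletResponse) res);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }

    static final class CappedResponse extends HttpServletResponseWrapper {
        CappedResponse(HttpServletResponse response) {
            super(response);
        }

        @Override
        public void addCookie(Cookie cookie) {
            // Negative max-age means a session cookie and 0 means "delete now";
            // both are already short-lived, so only larger values are clamped.
            if (cookie.getMaxAge() > MAX_AGE_SECONDS) {
                cookie.setMaxAge(MAX_AGE_SECONDS);
            }
            super.addCookie(cookie);
        }
        // Cookies written with setHeader("Set-Cookie", ...) do not pass through
        // addCookie() and are not covered by this wrapper.
    }
}
```

The filter only takes effect once it is registered for the application's URL patterns (web.xml or @WebFilter).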