Ensure cookies have the secure flag
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: csharp-security/cookie-http-only
Language: C#
Severity: Warning
Category: Security
CWE: 614
Description
Cookies must only be used for HTTP connections. Otherwise, client-side scripts can access cookies and compromise the user security.
Learn More
Non-Compliant Code Examples
class MyClass {
public static void setSecureCookie()
{
HttpCookie myCookie = new HttpCookie("my cookie");
Console.WriteLine("Hello World");
myCookie.HttpOnly = false;
}
}
class MyClass {
public static void setInsecureCookie()
{
HttpCookie myCookie = new HttpCookie("my cookie");
Console.WriteLine("Hello World");
myCookie.HttpOnly = false;
}
}
Seamless integrations. Try Datadog Code Analysis