parsonsisconsulting

Parsons Software Security Consulting Blog

Posts Tagged ‘hacking

Why it is important to set the secure attribute on session cookies?

leave a comment »

When I do application security assessments I often see the secure attribute not set on session cookies over HTTPS.  It is fine to have non sensitive session cookies like language setting not set to secure but something as sensitive as the session cookie need to be set to secure so an attacker does not steal the session or the victim’s cookies and log on as the victim.   

Image

 

Image

Written by mparsons1980

June 25, 2013 at 11:57 am