CX Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute @ root/basket.jsp [master]

**Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute** issue exists @ **root/basket.jsp** in branch **master**

*The&nbsp;root\basket.jsp application configuration&nbsp;file, at line 84, does not define sensitive application&nbsp;cookies with the "secure" flag, which could cause the client to send those cookies in plaintext over an insecure network communication (HTTP). This may lead to a Session Hijacking attack.*

Severity: Low

CWE:614

[Checkmarx](http://yairh-lt.dm.cx/CxWebClient/ViewerMain.aspx?scanid=1010014&projectid=3&pathid=361)

[Training](https://checkmarx-demo.codebashing.com/courses/)
[Recommended Fix](http://yairh-lt.dm.cx/CxWebClient/ScanQueryDescription.aspx?queryID=599&queryVersionCode=56195301&queryTitle=Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute)

Lines: [84](https://github.com/CxYair/CxFlowGithub/blob/master/root/basket.jsp#L84) 

---
[Code (Line #84):](https://github.com/CxYair/CxFlowGithub/blob/master/root/basket.jsp#L84)
```
			response.addCookie(new Cookie("b_id", basketId));
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute @ root/basket.jsp [master] #52

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute @ root/basket.jsp [master] #52

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions