Web Application Cookies Are Expired

Nessus Plugin ID 100669

Synopsis

HTTP cookies have an 'Expires' attribute that is set with a past date or time.

Description

The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of these cookies carry an 'Expires' attribute set to a past date or time. Per RFC 6265, a browser receiving such a cookie discards it immediately instead of storing it (and removes any stored cookie with the same name, domain and path), so the application cannot rely on it being sent back on later requests. Because setting a past 'Expires' value is also the standard way for a server to delete a cookie, this finding may reflect intentional behaviour (for example, clearing a session cookie at logout) rather than a misconfiguration, which is why it is reported as informational.
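The check described above, written out as an added example (this is not the plugin's NASL code): it parses a set of constructed Set-Cookie headers, computes each cookie's effective expiry the way RFC 6265 section 5.3 says a browser does (a valid Max-Age takes precedence over Expires, an unparseable attribute is ignored), and reports every cookie whose expiry is not in the future. The header values and cookie names are made up for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie headers for illustration; not captured from any real host.
SAMPLE_SET_COOKIE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure",                            # session cookie
    "tracker=xyz; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",            # expired -> flagged
    "prefs=dark; Expires=Fri, 31 Dec 2099 23:59:59 GMT; Path=/",             # persistent, fine
    "legacy=1; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=3600; Path=/", # Max-Age wins -> fine
    "logout=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/",     # deliberate delete -> flagged
    "broken=2; Expires=not-a-date; Path=/",                                  # unparseable -> session cookie
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes).
    Attribute names are lower-cased because RFC 6265 matches them case-insensitively."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def effective_expiry(attrs, now):
    """Return (source, expiry) following the RFC 6265 section 5.3 storage algorithm:
    a valid Max-Age takes precedence over Expires; an invalid Max-Age or an
    unparseable Expires is ignored; with neither, the cookie is a session
    cookie and expiry is None."""
    if "max-age" in attrs:
        try:
            delta = int(attrs["max-age"])
        except ValueError:
            pass  # invalid Max-Age is ignored; fall through to Expires
        else:
            # delta <= 0 means "expire immediately" (RFC 6265 section 5.2.2)
            return "max-age", now + timedelta(seconds=max(delta, 0))
    if "expires" in attrs:
        try:
            expiry = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session", None  # unparseable cookie-date: attribute ignored
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        return "expires", expiry
    return "session", None


def find_expired_cookies(headers, now=None):
    """Return [(name, source, expiry)] for every cookie whose computed expiry
    is not in the future, i.e. every cookie a browser would discard on receipt."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        source, expiry = effective_expiry(attrs, now)
        if expiry is not None and expiry <= now:
            findings.append((name, source, expiry))
    return findings


if __name__ == "__main__":
    for name, source, expiry in find_expired_cookies(SAMPLE_SET_COOKIE_HEADERS):
        print(f"{name}: expired via {source} ({expiry.isoformat()})")
```

Run against the sample headers, only `tracker` and `logout` are reported; `legacy` is not, because its positive Max-Age overrides the 1970 Expires, and `broken` is not, because a browser drops an unparseable Expires and treats the cookie as a session cookie. Triage each reported name against the application's intent: a cookie cleared at logout is expected, a session or CSRF token that is expired on issue is a bug.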

Solution

Each cookie should be carefully reviewed to determine whether it contains sensitive data or is relied upon for a security decision, and whether expiring it immediately was intended (for example, to clear it at logout).

If the cookie is meant to persist, set its Expires attribute to a future date, or use Max-Age, which takes precedence over Expires when both are present. Alternatively, remove the Expires (and Max-Age) attribute altogether to convert the cookie to a session cookie that lasts only until the browser is closed.

See Also

https://tools.ietf.org/html/rfc6265

Plugin Details

Severity: Info

ID: 100669

File Name: http_generic_expired_cookies.nasl

Version: 1.2

Type: remote

Family: Web Servers

Published: 6/7/2017

Updated: 12/20/2021

Supported Sensors: Nessus