Web Application Cookies Are Expired

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

HTTP cookies have an 'Expires' attribute that is set with a past date
or time.

Description :

The remote web application sets various cookies throughout a user's
unauthenticated and authenticated session. However, Nessus has
detected that one or more of the cookies have an 'Expires' attribute
that is set with a past date or time, meaning that these cookies will
be removed by the browser.

See also :

https://tools.ietf.org/html/rfc6265

Solution :

Each cookie should be carefully reviewed to determine if it contains
sensitive data or is relied upon for a security decision.

If needed, either set an expiration date in the future so the cookie
will persist, or remove the Expires attribute altogether to convert
the cookie to a session cookie.
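
One way to carry out this review over captured Set-Cookie headers, as an added example (not Tenable's plugin code). The sample headers are constructed, and treating an expired cookie with an empty value as a deliberate deletion is a triage assumption made here; the precedence of Max-Age over Expires follows RFC 6265.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie header values (not taken from a real scan).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "theme=dark; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/",
    "auth=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0",
    "remember=tok; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=3600",
    "lang=en; Expires=Fri, 01 Jan 2038 00:00:00 GMT",
]

def classify_set_cookie(header_value, now):
    """Return (name, lifetime, has_value) for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # last duplicate wins

    lifetime = "session"  # no usable attribute: cookie ends with the browser session
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?\d+", max_age):
        # RFC 6265 section 5.3: a valid Max-Age takes precedence over Expires.
        lifetime = "expired" if int(max_age) <= 0 else "persistent"
    elif "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            when = None  # unparsable date: the attribute is ignored
        if when is not None:
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            lifetime = "expired" if when <= now else "persistent"
    return name.strip(), lifetime, bool(value.strip())

def cookies_to_review(headers, now):
    """Names of cookies that arrive already expired while still carrying a value."""
    results = [classify_set_cookie(h, now) for h in headers]
    return [n for n, life, has_value in results if life == "expired" and has_value]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for header in SAMPLE_HEADERS:
        print(classify_set_cookie(header, now))
    print("review:", cookies_to_review(SAMPLE_HEADERS, now))
```

Cookies returned by cookies_to_review are the ones worth checking against the application's session and security logic; an expired cookie with an empty value is usually the server clearing it, for example at logout.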

Risk factor :

None

Family: Web Servers

Nessus Plugin ID: 100669

Bugtraq ID:

CVE ID:
