Web Application Cookies Are Expired
Info Nessus Plugin ID 100669
SynopsisHTTP cookies have an 'Expires' attribute that is set with a past date or time.
DescriptionThe remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
SolutionEach cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.