HTTP Cookie 'secure' Property Transport Mismatch
Info Nessus Plugin ID 69826
Synopsis
The remote web server sent out a cookie with a secure property that does not match the transport on which it was sent.
Description
The remote web server sends out cookies to clients with a 'secure' property that does not match the transport, HTTP or HTTPS, over which they were received. This may occur in two forms:
1. The cookie is sent over HTTP, but has the 'secure' property set, indicating that it should only be sent over a secure, encrypted transport such as HTTPS. This should not happen.
2. The cookie is sent over HTTPS, but has no 'secure' property set, indicating that it may be sent over both HTTP and HTTPS transports. This is common, but care should be taken to ensure that leaving the 'secure' property unset is deliberate.
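The two forms above can be checked against captured responses with the sketch below. It is an added example, not the plugin's own code; the function names, the example.test URLs and the Set-Cookie lines are constructed for illustration.

```python
from urllib.parse import urlsplit

def has_secure_attribute(set_cookie: str) -> bool:
    """True if a Set-Cookie header value carries the Secure attribute."""
    # Attributes come after the first ';'. Attribute names are
    # case-insensitive, and a cookie *value* of "secure" must not count.
    attributes = set_cookie.split(";")[1:]
    return any(a.split("=", 1)[0].strip().lower() == "secure" for a in attributes)

def cookie_name(set_cookie: str) -> str:
    return set_cookie.split(";", 1)[0].split("=", 1)[0].strip()

def transport_mismatches(url: str, set_cookie_headers: list[str]) -> list[tuple[str, int]]:
    """Return (cookie name, form) pairs, where form is 1 or 2 as listed above.

    Form 1: sent over HTTP with 'secure' set.
    Form 2: sent over HTTPS without 'secure' set.
    """
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for header in set_cookie_headers:
        secure = has_secure_attribute(header)
        if scheme == "http" and secure:
            findings.append((cookie_name(header), 1))
        elif scheme == "https" and not secure:
            findings.append((cookie_name(header), 2))
    return findings

# Constructed sample responses: (request URL, Set-Cookie header values).
SAMPLES = [
    ("http://app.example.test/login",
     ["sid=abc123; Path=/; Secure; HttpOnly"]),
    ("https://app.example.test/login",
     ["sid=abc123; Path=/; HttpOnly",   # no Secure attribute
      "csrf=x9; Path=/; SECURE",        # attribute name in upper case
      "theme=secure; Path=/"]),         # "secure" is the value, not an attribute
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        for name, form in transport_mismatches(url, headers):
            print(f"{url}: cookie '{name}' matches form {form}")
```

Cookies reported under form 2 are the ones to review: each should either gain the 'secure' property or have a recorded reason for being readable over HTTP.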