Session Cookies Detected

info Web App Scanning Plugin ID 112798

Synopsis

Session Cookies Detected

Description

The scanner collected the session cookies returned by the application during an authenticated scan. The list includes the following information for each cookie:
- Name: name of the cookie
- Value: value of the cookie
- Domain: hosts to which the cookie will be sent
- Path: URL path which must exist in the requested resource before sending the cookie
- HttpOnly: cookie is not accessible via JavaScript, XMLHttpRequest and Request APIs
- Secure: cookie will be sent to the server only when a request is made using HTTPS
- SameSite: cookie will be sent along with cross-site requests according to the defined policy
- URL: first URL discovered which set the cookie in its response
- Set-Method: method used by the application to set the cookie (Set-Cookie or JavaScript)
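
The following is an added example, not the plugin's own code: it builds the same per-cookie record from `Set-Cookie` response headers and lists which of the HttpOnly, Secure and SameSite attributes each cookie lacks. The sample responses, host names and function names are constructed for illustration, and only the `Set-Cookie` set method is covered.

```python
from urllib.parse import urlsplit

# Constructed sample input: (URL that returned the header, Set-Cookie value).
SAMPLE_RESPONSES = [
    ("https://app.example.test/login", "SESSIONID=3f9a1c; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("https://app.example.test/login", "legacy_sid=77b2e0; Domain=example.test; Path=/app"),
    ("https://app.example.test/api/token", "csrf=ab12; Secure; SameSite=None"),
    ("https://app.example.test/account", "SESSIONID=3f9a1c; Path=/; HttpOnly; Secure; SameSite=Lax"),
]

def default_path(url):  # RFC 6265 default-path, used when no Path attribute is sent
    path = urlsplit(url).path
    return path[:path.rfind("/")] if path.startswith("/") and path.count("/") > 1 else "/"

def parse_set_cookie(url, header):
    """Map one Set-Cookie header value onto the fields listed above."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    rec = {"Name": name.strip(), "Value": value.strip(), "Domain": urlsplit(url).hostname,
           "Path": default_path(url), "HttpOnly": False, "Secure": False,
           "SameSite": None, "URL": url, "Set-Method": "Set-Cookie"}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            rec["Domain"] = val.lstrip(".").lower()
        elif key == "path" and val.startswith("/"):
            rec["Path"] = val
        elif key in ("httponly", "secure"):
            rec["HttpOnly" if key == "httponly" else "Secure"] = True
        elif key == "samesite":
            rec["SameSite"] = val.capitalize()
    return rec

def inventory(responses):
    """One record per (name, domain, path); URL stays the first one that set it."""
    seen = {}
    for url, header in responses:
        rec = parse_set_cookie(url, header)
        seen.setdefault((rec["Name"], rec["Domain"], rec["Path"]), rec)
    return list(seen.values())

def review(rec):  # hardening attributes this cookie record is missing
    gaps = [f"{flag} missing" for flag in ("HttpOnly", "Secure") if not rec[flag]]
    if rec["SameSite"] is None:
        gaps.append("SameSite not set")
    elif rec["SameSite"] == "None" and not rec["Secure"]:
        gaps.append("SameSite=None without Secure")
    return gaps
```
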

See Also

https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

https://en.wikipedia.org/wiki/HTTP_cookie

Plugin Details

Severity: Info

ID: 112798

Type: remote

Published: 5/28/2021

Updated: 11/17/2023

Scan Template: api, overview, pci, scan