  1. Red Hat Process Automation Manager
  2. RHPAM-4431

Session Cookie Without Secure Attribute Set

Details

    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • CR1
    • 2022 Week 32-34 (from Aug 8), 2022 Week 35-37 (from Aug 29), 2022 Week 38-40 (from Sept 19), 2022 Week 41-43 (from Oct 10), 2022 Week 44-46 (from Oct 31), 2022 Week 47-49 (from Nov 21), 2022 Week 50-02 (from Dec 12), 2023 Week 03-05 (from Jan 16), 2023 Week 06-08 (from Feb 6), 2023 Week 09-11 (from Feb 27), 2023 Week 12-14 (from Mar 20), 2023 Week 15-17 (from Apr 10)

    Description

      Secure - This attribute tells the browser to send the cookie only if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in cleartext.

      Path - The "Path" attribute of a cookie signifies the URL or path for which the cookie is valid. The default value is "/". The Path attribute controls the set of paths that limits the scope of cookies. User agents use the directory in the request-URI's path component by default whenever a web server elides the Path attribute. User agents include the cookies only when the request-URI's path segment is equal to the cookie's Path attribute.

      Expires - This attribute is used to set persistent cookies. It signifies how long the browser should use the persistent cookie and when the cookie should be deleted.

      In this application, it is observed that the following session cookies are set by the application without the Secure, Path, and Expires cookie attributes.

      It is observed in Business Central that the following session cookie "JSESSIONID" is missing the cookie attributes Secure, Path and Expires/Max-Age:

      JSESSIONID=k6VaOkHX0pV0kvHBlK9QeRGz6IzpQ03af1LvhZ53.ibm-rhpamcentr-4-jctrc; path=/; HttpOnly
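
A check for the attributes named in this issue, as an added example that is not part of the original report or of the product's code. It parses a Set-Cookie header value and lists which of Secure, HttpOnly, Path and Expires/Max-Age are absent; the function names and the second sample header are assumptions constructed for illustration.

```python
# Added example: audit a Set-Cookie header value for the attributes in this issue.

def parse_set_cookie(header_value):
    """Return (name, value, attrs) for one Set-Cookie value.

    Attribute names are case-insensitive, so they are lowercased here.
    Flag attributes such as Secure and HttpOnly map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_attributes(header_value):
    """Return (cookie_name, [attributes that are not set])."""
    name, _, attrs = parse_set_cookie(header_value)
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if not attrs.get("path"):  # absent, or present with an empty value
        missing.append("Path")
    if "expires" not in attrs and "max-age" not in attrs:
        missing.append("Expires/Max-Age")
    return name, missing


# Header value as quoted in the issue description.
OBSERVED = ("JSESSIONID=k6VaOkHX0pV0kvHBlK9QeRGz6IzpQ03af1LvhZ53."
            "ibm-rhpamcentr-4-jctrc; path=/; HttpOnly")
# Constructed sample (not from the issue): every audited attribute is set.
HARDENED = "JSESSIONID=constructed-value; Path=/app; Secure; HttpOnly; Max-Age=1800"

if __name__ == "__main__":
    for header in (OBSERVED, HARDENED):
        cookie, missing = missing_attributes(header)
        print(cookie, "missing:", ", ".join(missing) or "none")
```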

            People

              r_anand Rishiraj Anand
              aparedes@redhat.com Adriel Paredes
              Tomas David Tomas David
              Tomas David Tomas David