A CookieSerializer was detected without setting the ‘secure’ flag. The ‘secure’ flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the ‘secure’ flag by calling ‘$S.setUseSecureCookie(true);’

Likelihood: LOW
Confidence: LOW
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration
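
The flagged pattern beside the corrected one, as an added example that is not part of the original rule text. It assumes the serializer is Spring Session's `DefaultCookieSerializer`; the class name `SessionCookieConfig`, the method name `flaggedSerializer` and the cookie name are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;

@Configuration
public class SessionCookieConfig { // hypothetical class name (assumption)

    // Flagged form, shown for comparison and deliberately not registered as a bean:
    // setUseSecureCookie is never called. DefaultCookieSerializer then falls back
    // to HttpServletRequest.isSecure(), so when TLS is terminated at a proxy that
    // forwards plain HTTP to the application, the session cookie can be issued
    // without the Secure attribute.
    static CookieSerializer flaggedSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        serializer.setCookieName("SESSION"); // constructed sample value
        return serializer;
    }

    // Corrected form: the Secure attribute is set explicitly, independent of how
    // the individual request reached the application.
    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        serializer.setCookieName("SESSION"); // constructed sample value
        serializer.setUseSecureCookie(true);
        return serializer;
    }
}
```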