CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
      • Android
      • Aws-lambda
      • Castor
      • Java-jwt
      • Jax-rs
      • Jboss
      • Jdo
      • Jedis
      • Jjwt
      • Jsch
      • Kryo
      • Lang
      • Micronaut
      • Mongo
      • Mongodb
      • Mysql
      • Okhttp
      • Rmi
      • Servlets
      • Spring
        • Log-http-headers
        • Security
        • Security
          • Audit
          • Audit
            • Cookie-serializer-secure-false
              • Cookie serializer secure false
          • Castor-deserialization-deepsemgrep
          • Hibernate-sqli
          • Injection
          • Jdbctemplate-sqli
          • Jdo-sqli
          • Jpa-sqli
          • Kryo-deserialization-deepsemgrep
          • Objectinputstream-deserialization-spring
          • Spring-sqli-deepsemgrep
          • Spring-tainted-code-execution
          • Spring-tainted-ldap-injection
          • Spring-tainted-xmldecoder
          • Tainted-ssrf-spring-add
          • Tainted-ssrf-spring-format
          • Xstream-anytype-deserialization-deepsemgrep
          • Xxe
        • Simple-command-injection-direct-input
        • Spring-tainted-path-traversal
        • Tainted-html-string-responsebody
      • Thymeleaf
      • Xstream
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Cookie-serializer-secure-false

Cookie serializer secure false

cookie-serializer-secure-false

A CookieSerializer was detected without setting the ‘secure’ flag. The ‘secure’ flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the ‘secure’ flag by calling ‘$S.setUseSecureCookie(true);‘
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration
AuditCastor deserialization deepsemgrep
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.