
Issues with cookies persistence

Rishi
Altostratus

Need help with the issues below:

Seeing "Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute" message when a user is generating a report from the F5 URL.

Currently: Default cookie persistence is applied on the URL.

Thanks


1 REPLY

Hello Rishi.

Take into account that cookie persistence by default inserts a new cookie in the HTTP request.

If your app has specific restrictions to protect against CSRF, that would raise some of those messages.

Check the SameSite condition.
https://cwe.mitre.org/data/definitions/1275.html

Maybe, in your case, a "SameSite=Lax" condition is needed.

 

Regards,
Dario.
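
To see which cookies on a response would trigger the CWE-1275 finding discussed in this thread, the following check parses `Set-Cookie` headers and reports SameSite problems. It is an added example, not part of the original posts or any F5 tooling; the sample headers, including the `BIGipServerpool_reports` persistence cookie name and all values, are constructed for illustration.

```python
# Constructed sample: Set-Cookie headers as a scanner might see them on a
# response that passed through a load balancer using cookie persistence.
# Cookie names and values are made up for illustration.
SAMPLE_SET_COOKIE = [
    "BIGipServerpool_reports=0000000000.00000.0000; path=/; Httponly; Secure",
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "tracking=xyz; Path=/; SameSite=None",
    "prefs=dark; Path=/; SameSite=Sometimes",
]

VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive, so normalise the key only.
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_samesite(headers):
    """Return {cookie_name: [findings]} for cookies with SameSite problems."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        issues = []
        samesite = attrs.get("samesite")
        if samesite is None:
            issues.append("missing SameSite")
        elif samesite.lower() not in VALID_SAMESITE:
            issues.append("invalid SameSite value: " + samesite)
        elif samesite.lower() == "none" and "secure" not in attrs:
            # Browsers reject SameSite=None cookies that lack Secure.
            issues.append("SameSite=None without Secure")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for cookie, issues in audit_samesite(SAMPLE_SET_COOKIE).items():
        print(cookie + ": " + "; ".join(issues))
```

Feeding it the `Set-Cookie` headers captured from the affected URL shows whether the finding comes from the load balancer's persistence cookie, the application's own cookies, or both.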