07-Dec-2021 05:27
Need help on below issues:
Seeing "Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute" message, when user is generating report from F5 url.
Currently: Default cookies persistence is applied on URL.
Thanks
01-Apr-2022 05:58
Hello Rishi.
Take into account that cookie persistence by default inserts a new cookie in the HTTP request.
If your app has specific restrictions to protect against CSRF, that would raise some of those messages.
Check the SameSite condition.
https://cwe.mitre.org/data/definitions/1275.html
Maybe, in your case, a "SameSite=Lax" condition is needed