Set https cookies with Secure and HttpOnly

Description

Cookie is set without flags, e.g.:

JSESSIONID=hwh3algw3xyz;Path=/

Expected Results:

If the session is HTTPS, the cookie should set the Secure and HttpOnly flags, e.g.:

JSESSIONID=hwh3algw3xyz;Path=/; Secure; HttpOnly

See https://www.owasp.org/index.php/Session_Management#Protect_Session_Identifiers and https://www.owasp.org/index.php/HttpOnly

Steps to reproduce

None
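One way to check captured `Set-Cookie` header values for the flags this report asks for, as an added example that is not part of the original report or the project's code. The function names and the extra sample headers are constructed for illustration; the check also expects HttpOnly on plain HTTP, which goes one step beyond the report's HTTPS case.

```python
# Added example: audit Set-Cookie values for the Secure and HttpOnly flags.
# Function names and sample headers are constructed, not taken from the project.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Only the first name=value pair is the cookie itself, so a cookie whose
    value merely contains the word "secure" is not treated as flagged.
    Attribute names are compared case-insensitively.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_flags(header_value, is_https):
    """Return the expected flags that are absent from this cookie.

    Secure is expected only when the session runs over HTTPS (as in the
    report); HttpOnly is expected regardless of transport (assumption
    added here, since HttpOnly does not depend on the scheme).
    """
    _, _, attrs = parse_set_cookie(header_value)
    missing = []
    if is_https and "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    return missing


def audit(header_values, is_https):
    """Map cookie name -> missing flags, listing only cookies with gaps."""
    report = {}
    for value in header_values:
        gaps = missing_flags(value, is_https)
        if gaps:
            report[parse_set_cookie(value)[0]] = gaps
    return report


# Constructed sample input: the two headers from the report plus edge cases.
SAMPLE_HEADERS = [
    "JSESSIONID=hwh3algw3xyz;Path=/",
    "JSESSIONID=hwh3algw3xyz;Path=/; Secure; HttpOnly",
    "theme=secure-dark; Path=/",
    "lang=en; path=/; SECURE; httponly",
]

if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS, is_https=True))
```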

Status

Assignee

Unassigned

Reporter

Stephen Marquard

Criticality

None

Tags (folksonomy)

Components

Fix versions

Affects versions

3.0
1.3
1.4.0

Priority

Critical