• Home
• org.codehaus.sonar-plugins.java
• java-checks
• 2.9
• source code
• S2092.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S2092.html Maven / Gradle / Ivy

The "secure" attribute prevents cookies from being sent over plaintext connections such as HTTP, where they would be easily eavesdropped upon. Instead, cookies with the secure attribute are only sent over encrypted HTTPS connections.

Noncompliant Code Example
Cookie c = new Cookie(SECRET, secret);  // Noncompliant; cookie is not secure
response.addCookie(c);

Compliant Solution
Cookie c = new Cookie(SECRET, secret);
c.setSecure(true);
response.addCookie(c);

See
    

      
MITRE, CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute