I have session cookie with value with secure attribute, i.e.:
Set-Cookie: SessionCookieName=; path=/TestFolder; secure; HttpOnly
AppScan marks it like "Missing Secure Attribute in Encrypted Session (SSL) Cookie".
We are using "AppScan Standard 126.96.36.199, Rules: 1524"
Is it a AppScan bug?
This topic has been locked.
1 reply Latest Post - 2013-04-03T15:56:27Z by SystemAdmin
Pinned topic Missing Secure Attribute in Encrypted Session (SSL) Cookie
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-04-03T15:56:27Z at 2013-04-03T15:56:27Z by SystemAdmin
SystemAdmin 110000D4XK404 PostsACCEPTED ANSWER
Re: Missing Secure Attribute in Encrypted Session (SSL) Cookie2013-04-03T15:56:27Z in response to SystemAdminWe do not have any defect reported in that area for AppScan Standard 188.8.131.52.
I suggest to open a support ticket (PMR) at https://www.ibm.com/support/servicerequest/Home.action and then upload the scan to the ticket using the upload utility at: https://www.ecurep.ibm.com/app/upload