I have session cookie with value with secure attribute, i.e.:
Set-Cookie: SessionCookieName=; path=/TestFolder; secure; HttpOnly
AppScan marks it like "Missing Secure Attribute in Encrypted Session (SSL) Cookie".
We are using "AppScan Standard 18.104.22.168, Rules: 1524"
Is it a AppScan bug?
This topic has been locked.
Pinned topic Missing Secure Attribute in Encrypted Session (SSL) Cookie
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
SystemAdmin 110000D4XK403 Posts
Re: Missing Secure Attribute in Encrypted Session (SSL) Cookie2013-04-03T15:56:27ZThis is the accepted answer. This is the accepted answer.We do not have any defect reported in that area for AppScan Standard 22.214.171.124.
I suggest to open a support ticket (PMR) at https://www.ibm.com/support/servicerequest/Home.action and then upload the scan to the ticket using the upload utility at: https://www.ecurep.ibm.com/app/upload