Topic
1 reply Latest Post - ‏2013-04-03T15:56:27Z by SystemAdmin
SystemAdmin
SystemAdmin
403 Posts
ACCEPTED ANSWER

Pinned topic Missing Secure Attribute in Encrypted Session (SSL) Cookie

‏2013-02-26T15:25:22Z |
I have session cookie with value with secure attribute, i.e.:

Set-Cookie: SessionCookieName=; path=/TestFolder; secure; HttpOnly

AppScan marks it like "Missing Secure Attribute in Encrypted Session (SSL) Cookie".
We are using "AppScan Standard 8.6.0.1, Rules: 1524"

Is it a AppScan bug?
Updated on 2013-04-03T15:56:27Z at 2013-04-03T15:56:27Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    403 Posts
    ACCEPTED ANSWER

    Re: Missing Secure Attribute in Encrypted Session (SSL) Cookie

    ‏2013-04-03T15:56:27Z  in response to SystemAdmin
    We do not have any defect reported in that area for AppScan Standard 8.6.0.1.

    I suggest to open a support ticket (PMR) at https://www.ibm.com/support/servicerequest/Home.action and then upload the scan to the ticket using the upload utility at: https://www.ecurep.ibm.com/app/upload