mirror of
https://github.com/github/codeql.git
synced 2026-07-05 19:45:29 +02:00
21 lines
678 B
XML
21 lines
678 B
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
<overview>
|
|
<p>This rule finds cookies that are made to expire in more than 5 minutes from now. Cookies are
|
|
usually non-persistent, in which case they reside in the browser's memory only. However, by setting
|
|
an expiration date in the future, cookies can be made persistent and are then written to disk to
|
|
survive the browser restarts. If a persistent cookie is set to expire in a fairly distant future,
|
|
it is easier for an attacker to steal its data.</p>
|
|
|
|
</overview>
|
|
<recommendation>
|
|
<p>Do not put sensitive information in persistent cookies.</p>
|
|
|
|
</recommendation>
|
|
<references>
|
|
|
|
</references>
|
|
</qhelp>
|