Files
codeql/csharp/ql/src/Security Features/PersistentCookie.qhelp
2018-08-02 17:53:23 +01:00

21 lines
678 B
XML

<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>This rule finds cookies that are made to expire in more than 5 minutes from now. Cookies are
usually non-persistent, in which case they reside in the browser's memory only. However, by setting
an expiration date in the future, cookies can be made persistent and are then written to disk to
survive the browser restarts. If a persistent cookie is set to expire in a fairly distant future,
it is easier for an attacker to steal its data.</p>
</overview>
<recommendation>
<p>Do not put sensitive information in persistent cookies.</p>
</recommendation>
<references>
</references>
</qhelp>