Session Cookie without SameSite Flag
Impact: Medium
Description
The SameSite cookie flag with the right value prevents the browser from sending the cookie in cross-origin requests. It provides some protection against cross-site request forgery (CSRF) attacks.
Recommendation
Set the SameSite flag for the cookie.
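One way to check for this finding, as an added example that is not part of the original page: a small Python audit of Set-Cookie header values that reports session cookies with no SameSite flag or with a value that does not restrict cross-site sending. The session cookie names and the sample headers are assumptions constructed for illustration.

```python
# Assumption: cookie names treated as session identifiers; adjust per application.
SESSION_NAMES = {"sessionid", "phpsessid", "jsessionid", "connect.sid"}

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, {lowercased attribute: value})."""
    first, *rest = header.split(";")
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def samesite_finding(attrs):
    """Return a finding string, or None when SameSite is Strict or Lax."""
    samesite = attrs.get("samesite")
    if samesite is None:
        return "SameSite attribute missing"
    value = samesite.lower()
    if value in ("strict", "lax"):
        return None
    if value == "none" and "secure" not in attrs:
        return "SameSite=None without Secure"
    if value == "none":
        return "SameSite=None allows cross-site sending"
    return "unrecognised SameSite value: " + samesite

def audit_session_cookies(set_cookie_headers, session_names=SESSION_NAMES):
    """Return [(cookie name, finding)] for session cookies that need attention."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        finding = samesite_finding(attrs)
        if name.lower() in session_names and finding:
            findings.append((name, finding))
    return findings

# Constructed sample Set-Cookie values, not captured from a real site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure",
    "JSESSIONID=def456; Path=/; Secure; SameSite=Lax",
    "PHPSESSID=ghi789; Path=/; SameSite=None",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    print(audit_session_cookies(SAMPLE_HEADERS))
```

The non-session cookie `theme` is skipped, and the cookie set with `SameSite=Lax` produces no finding.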
Last updated on February 15, 2021