Session Cookie without Secure Flag
The Secure cookie flag prevents the browser from sending the cookie over an unencrypted connection. A cookie with the
Secure flag is sent to the server only with an encrypted request over HTTPS, so a man-in-the-middle attacker on the network path cannot read it from a plaintext HTTP request. Without the flag, a session cookie is sent along with any http:// request to the site (for example a request for an image or an HTTP redirect), and an attacker who can observe that traffic can capture the session identifier and hijack the session. Note that the flag only controls where the browser sends the cookie; it does not stop script access (that is the HttpOnly flag), and it does not by itself stop an http:// response from overwriting the cookie in browsers that do not implement the "leave secure cookies alone" rule, which the __Host- cookie name prefix addresses.
Set the Secure flag for the session cookie.
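The following is an added example, not code from the original page or from any scanner: a small audit that extracts every Set-Cookie header from a raw HTTP response, parses the cookie attributes, and reports session cookies that lack the Secure flag, plus a helper that appends the flag as the recommended fix. The list of session-cookie names, the sample response, and the function names are assumptions made here.

```python
"""Audit an HTTP response for session cookies set without the Secure flag.

Added example, not from the original scanner page. The session-cookie name
list, the raw response below and the function names are assumptions made here.
"""
from dataclasses import dataclass, field

# Assumption: common session-cookie names; extend for the application under test.
SESSION_COOKIE_NAMES = {
    "phpsessid", "jsessionid", "asp.net_sessionid", "connect.sid",
    "session", "sessionid", "sid", "_session_id",
}

# Constructed sample response: one session cookie without Secure, one with it,
# and one non-session cookie that the audit ignores.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=3f2a9c1e7b; Path=/; HttpOnly\r\n"
    "Set-Cookie: __Host-sid=9d0b4e; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: lang=en; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT\r\n"
    "\r\n"
    "<html></html>"
)


@dataclass
class SetCookie:
    name: str
    value: str
    # Attribute names lower-cased; value-less flags (Secure, HttpOnly) map to True.
    attrs: dict = field(default_factory=dict)

    @property
    def secure(self) -> bool:
        # Browsers treat the attribute as set regardless of any value after "=".
        return "secure" in self.attrs


def parse_set_cookie(header_value: str) -> SetCookie:
    """Parse one Set-Cookie value: name=value; Attr[=val]; ... (RFC 6265 syntax)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_eq, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_eq else True
    return SetCookie(name.strip(), value.strip(), attrs)


def set_cookie_headers(raw_response: str) -> list[str]:
    """Return the values of every Set-Cookie header in a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field_name, sep, field_value = line.partition(":")
        if sep and field_name.strip().lower() == "set-cookie":
            values.append(field_value.strip())
    return values


def is_session_cookie(name: str) -> bool:
    """Match the name against the session list, ignoring __Host-/__Secure- prefixes."""
    base = name.lower()
    for prefix in ("__host-", "__secure-"):
        if base.startswith(prefix):
            base = base[len(prefix):]
    return base in SESSION_COOKIE_NAMES


def audit(raw_response: str) -> list[str]:
    """Names of session cookies the response sets without the Secure flag."""
    return [
        c.name
        for c in map(parse_set_cookie, set_cookie_headers(raw_response))
        if is_session_cookie(c.name) and not c.secure
    ]


def harden(header_value: str) -> str:
    """Append the Secure flag to a Set-Cookie value if it is missing."""
    if parse_set_cookie(header_value).secure:
        return header_value
    return header_value + "; Secure"


if __name__ == "__main__":
    for name in audit(SAMPLE_RESPONSE):
        print(f"session cookie {name!r} lacks the Secure flag")
    print(harden("PHPSESSID=3f2a9c1e7b; Path=/; HttpOnly"))
```

Running the block against the constructed response reports only PHPSESSID: the __Host-sid cookie already carries Secure, and lang is not a session cookie. In practice the fix is applied in the framework rather than by rewriting headers, for example session.cookie_secure=1 in PHP, SESSION_COOKIE_SECURE = True in Django or Flask, or cookie.secure: true in express-session; the parser above only shows what the scanner is checking for.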
- OWASP: Secure Cookie Flag
- OWASP: Session Management Cheat Sheet
- Wikipedia: Man-in-the-middle attack
- OWASP 2017-A3
- OWASP 2021-A2
- OWASP 2013-A6
- OWASP 2021-A5