Cookies do not contain "secure" and "httponly" attributes

Question asked by Pragnesh Bhavsar on Feb 5, 2015
Latest reply on Feb 8, 2015 by Pragnesh Bhavsar


I scanned our web application with the QualysGuard web application vulnerability scanner. Most of the vulnerabilities are resolved, but these 2 stay in the report every time.


Actually, we are not using any cookies except session cookies in our entire web application. After scanning, I saw that the cookies the scanner lists in the "cookies collected" section are only session cookies.


We have our session cookies with both the "secure" and "httponly" attributes, so I am confused about how this vulnerability is detected every time.
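
One way to check the cookie flags independently of the scanner report, as an added example that is not part of the original post: audit every Set-Cookie header in captured responses and list which cookie, from which URL, lacks "secure" or "httponly". The URLs, cookie names and header text below are constructed sample data, not values from the poster's application.

```python
# Constructed sample: raw response headers keyed by the URL that returned them.
SAMPLE_RESPONSES = {
    "https://app.example.test/login": (
        "HTTP/1.1 200 OK\r\n"
        "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly\r\n"
        "Content-Type: text/html\r\n"
    ),
    "https://app.example.test/static/help": (
        "HTTP/1.1 200 OK\r\n"
        "Set-Cookie: lb_route=secure-node-2; Path=/\r\n"
        "set-cookie: JSESSIONID=def456; Path=/; httponly\r\n"
    ),
}

REQUIRED = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Return (cookie_name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes are everything after the first ';'. The name=value pair is
    # excluded so a value such as "secure-node-2" is not mistaken for a flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses):
    """Return sorted (url, cookie_name, missing_attributes) for every weak cookie."""
    findings = []
    for url, raw in responses.items():
        for line in raw.splitlines():
            field, sep, value = line.partition(":")
            # Header field names are case-insensitive; each Set-Cookie line is one cookie.
            if not sep or field.strip().lower() != "set-cookie":
                continue
            name, attrs = parse_set_cookie(value)
            missing = tuple(a for a in REQUIRED if a not in attrs)
            if missing:
                findings.append((url, name, missing))
    return sorted(findings)


if __name__ == "__main__":
    for url, name, missing in audit(SAMPLE_RESPONSES):
        print(f"{url}: cookie {name!r} is missing {', '.join(missing)}")
```

Feed it the response headers saved from a proxy or from `curl -i` for each URL the scanner crawled, so that every response is covered and not only the login response.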