Headers Cookie Session No Path

Indexed | Public repository | Low | Medium confidence | Verified | LGPL-3.0-only | javascript
greprules fetch gitlab-sast-rules-lgpl-javascript-headers-rule-cookie-session-no-path --engine opengrep

Description

Default session middleware settings: `path` is not set. `path` indicates the path of the cookie and is compared against the request path; if the path and the domain both match, the cookie is sent in the request.
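How the comparison described above decides which requests carry a session cookie, as an added example that is not part of the rule or its source repository. It follows the domain-match and path-match rules of RFC 6265 and assumes a middleware that falls back to `/` when `path` is not set (as express-session does); the cookie names, hosts and URLs are constructed.

```javascript
// Added example: cookie matching per RFC 6265 (sections 5.1.3 and 5.1.4).
// Hosts, cookie names and URLs are constructed sample values.

// Domain match: identical host, or the host is a subdomain of the cookie domain.
function domainMatch(cookieDomain, host) {
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  const h = host.toLowerCase();
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Path match: identical, or cookiePath is a prefix that ends on a "/" boundary.
function pathMatch(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // "/app" covers "/app/settings" but not "/application".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// The cookie is sent only when both the domain and the path match the request.
function shouldSend(cookie, requestUrl) {
  const { hostname, pathname } = new URL(requestUrl);
  return domainMatch(cookie.domain, hostname) && pathMatch(cookie.path, pathname);
}

// Names of the cookies in `jar` that accompany a request to requestUrl.
function cookiesSentFor(requestUrl, jar) {
  return jar.filter((c) => shouldSend(c, requestUrl)).map((c) => c.name);
}

const jar = [
  // `path` left unset: assumed default "/" makes the cookie valid for every path.
  { name: "sid_default", domain: "shop.example.test", path: "/" },
  // `path` set explicitly: the cookie is confined to the /app subtree.
  { name: "sid_scoped", domain: "shop.example.test", path: "/app" },
];

for (const url of [
  "https://shop.example.test/app/settings",
  "https://shop.example.test/application",
  "https://shop.example.test/static/logo.png",
  "https://other.example.test/app",
]) {
  console.log(url, "->", cookiesSentFor(url, jar).join(", ") || "(none)");
}
```

The unscoped cookie accompanies every request to the host, including paths served by unrelated code, while the scoped one stays inside `/app`.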

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
