Open vvdb-architecture opened 5 months ago
Recent PEN test reports noticed that cookies issued by Arc4 (via `AddCookie`) do not have `SameSite` (or `HttpsOnly`, which is called `Secure` in .NET) enabled.
We should consider:
AddCookie
.
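The finding reported above can be reproduced as a check over `Set-Cookie` response headers. The following is an added example, not code from Arc4 or from the issue author; the cookie names and header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie header values for the two attributes named
# in the issue (Secure and SameSite). Sample headers are constructed.

SAMPLE_HEADERS = [
    ".Example.Auth=abc123; path=/; httponly",                        # as reported
    ".Example.Auth=abc123; path=/; secure; samesite=lax; httponly",  # hardened
    ".Example.Ext=xyz; Path=/; SameSite=None",                       # edge case
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    has_secure = "secure" in attrs
    if not has_secure:
        findings.append("missing Secure")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    else:
        mode = attrs["samesite"].lower()
        if mode not in ("strict", "lax", "none"):
            findings.append("invalid SameSite value")
        elif mode == "none" and not has_secure:
            # Browsers reject SameSite=None cookies that are not also Secure.
            findings.append("SameSite=None without Secure")
    return name, findings


def audit_response(headers):
    """Audit every Set-Cookie value; keep only cookies that have findings."""
    results = [audit_cookie(h) for h in headers]
    return [(name, findings) for name, findings in results if findings]


if __name__ == "__main__":
    for cookie, problems in audit_response(SAMPLE_HEADERS):
        print(f"{cookie}: {', '.join(problems)}")
```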