jbruinaud / WebGoatNet

WebGoat .Net for demos

CX HttpOnlyCookies @ WebGoatCoins/CustomerLogin.aspx.cs [master] #189

Open jbruinaud opened 4 years ago

jbruinaud commented 4 years ago

HttpOnlyCookies issue exists @ WebGoatCoins/CustomerLogin.aspx.cs in branch master

The web application's ButtonLogOn_Click method creates a cookie named cookie, at line 31 of WebGoatCoins\CustomerLogin.aspx.cs, and returns it in the response. However, the application is not configured to automatically set the cookie with the "httpOnly" attribute, and the code does not explicitly add this to the cookie.

Severity: Medium

CWE:1004

Checkmarx

Lines: 59


Code (Line #59):

            // HttpOnly is never set here; the constructor only inherits the
            // web.config <httpCookies httpOnlyCookies="..."/> default, which is false
            // unless configured, so the forms-auth cookie is readable by script.
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted_ticket);
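One way to close the finding in code, as an added example that is not part of the issue or of the WebGoatNet project: build the forms-authentication cookie with HttpOnly (and Secure) set explicitly rather than relying on the web.config default. The ticket construction, the BuildAuthCookie helper, the Membership credential check and the control names TextBoxUserName, TextBoxPassword, CheckBoxRemember and LabelError are assumptions for illustration; only FormsAuthentication.FormsCookieName and the HttpCookie construction come from the reported line.

```csharp
using System;
using System.Web;
using System.Web.Security;

public partial class CustomerLogin : System.Web.UI.Page
{
    // Hypothetical helper (not WebGoatNet code): builds the forms-auth cookie the
    // way the finding describes, but sets the attributes explicitly so the fix does
    // not depend on the <httpCookies> section being present in web.config.
    private static HttpCookie BuildAuthCookie(string userName, bool persistent)
    {
        var ticket = new FormsAuthenticationTicket(
            1,                               // ticket version
            userName,
            DateTime.Now,                    // issue date
            DateTime.Now.AddMinutes(30),     // expiration (assumed 30-minute session)
            persistent,
            String.Empty,                    // no user data
            FormsAuthentication.FormsCookiePath);

        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
        {
            HttpOnly = true,   // CWE-1004 fix: document.cookie cannot read the session
            Secure   = true,   // never sent over plain HTTP
            Path     = FormsAuthentication.FormsCookiePath,
        };

        // Persistent logins keep the ticket's expiry; session cookies get none.
        if (persistent)
            cookie.Expires = ticket.Expiration;

        return cookie;
    }

    protected void ButtonLogOn_Click(object sender, EventArgs e)
    {
        // Assumed credential check; the real handler's check is not shown in the issue.
        if (!Membership.ValidateUser(TextBoxUserName.Text, TextBoxPassword.Text))
        {
            LabelError.Text = "Invalid credentials.";
            return;
        }

        Response.Cookies.Add(BuildAuthCookie(TextBoxUserName.Text, CheckBoxRemember.Checked));
        Response.Redirect(FormsAuthentication.GetRedirectUrl(TextBoxUserName.Text, false));
    }
}
```

Two notes on the design choice. First, the same result can be reached globally with `<httpCookies httpOnlyCookies="true" requireSSL="true" />` under `<system.web>` in web.config, which is the "configured to automatically set" path the scanner refers to; HttpCookie reads that default at construction, so it also covers cookies created elsewhere. Second, FormsAuthentication.SetAuthCookie already marks its cookie HttpOnly, so hand-rolling the cookie as the reported line does is what reintroduces the gap; after either fix, confirm by checking that the Set-Cookie header for the .ASPXAUTH cookie carries the HttpOnly attribute.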