You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
description: "Checks if cookies are cached on disk"
tags: "passive"
given response then
if {latest.response} matches "Set-Cookie:.+(expires=[\w\d\s:,]+;|max-age=\d+;).+" then
report issue:
severity: info
confidence: certain
detail: "Cookies are set that have an expires or max-age attribute, these are considered persistent cookies and will be stored on disk by the web browser until the expiration time. Check to ensure these are not used to maintain the login session as if an authenticated user does not click the logout button and instead cloes the browser, the session will resume when the browser is re-opened. If an attacker has access to the filesystem location where the web browser cache is stored the session cookie could be extracted and used to authenticate the attacker to the web application. If it is a shared machine another user could authenticate themselves just by re-opening the browser."
remediation: "Session management tokens should make use of non-persistent cookies. This forces the session to disappear from the client if the current web browser is closed. Therefore the expires or max-age attribute should be removed from the session cookie. https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#expire-and-max-age-attributes"
