Cookie should not persist for too long. If the computer that stores the cookie is attacked or breached, this can lead to a potential account compromise.
Cookies should not be stored too long and should not be used to store sensitive data (such as personal identifiable information).
classNotCompliant{publicvoidsetCookie(Stringfield,Stringvalue){Cookiecookie=newCookie("field",value);// Set Cookie for a yearcookie.setMaxAge(2592000);}}
Compliant Code Examples
classCompliant{publicvoidsetCookie(Stringfield,Stringvalue){Cookiecookie=newCookie("field",value);// Set Cookie for a monthcookie.setMaxAge(216000);}}
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- java-security # Rules to enforce Java security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines