Insecure cookie (severity: High)

Insecure cookie settings can lead to cookies being transmitted over unencrypted connections. Even if a cookie doesn't contain sensitive data now, sensitive data could be added to it later. It's good practice to transmit all cookies only through secure channels, which for HTTP cookies means setting the Secure attribute so the browser sends them over HTTPS only.


Noncompliant example

```python
def secure_cookie_noncompliant():
    from http.cookies import SimpleCookie
    cookie = SimpleCookie()
    cookie['sample'] = "sample_value"
    # Noncompliant: the cookie is insecure. With a falsy 'secure' value the
    # Secure attribute is omitted from the Set-Cookie header, so the browser
    # will also send the cookie over plaintext HTTP.
    cookie['sample']['secure'] = 0
    print(cookie)
```

Compliant example

```python
def secure_cookie_compliant():
    from http.cookies import SimpleCookie
    cookie = SimpleCookie()
    cookie['sample'] = "sample_value"
    # Compliant: the cookie is secure. The Secure attribute is emitted
    # ("Set-Cookie: sample=sample_value; Secure"), so the browser sends the
    # cookie only over HTTPS.
    cookie['sample']['secure'] = True
    print(cookie)
```
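The two examples above show the flag being set; the check below is an added example (not part of the detector page) that parses Set-Cookie header values with the same `http.cookies` module and reports which cookies lack the Secure attribute. `build_cookie` and `find_insecure_cookies` are hypothetical helpers written for this example, and the sample headers are constructed.

```python
from http.cookies import SimpleCookie
from typing import Iterable, List


def build_cookie(name: str, value: str, secure: bool) -> str:
    """Return a Set-Cookie header value built with SimpleCookie.

    'secure' mirrors the flag the detector inspects; HttpOnly and SameSite
    are set as well, since a session cookie should carry all three.
    """
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["secure"] = secure
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Strict"
    # OutputString() renders attributes in sorted order, e.g.
    # "sid=abc; HttpOnly; SameSite=Strict; Secure"
    return cookie[name].OutputString()


def find_insecure_cookies(set_cookie_headers: Iterable[str]) -> List[str]:
    """Parse Set-Cookie header values and return the names of cookies that
    the browser would also send over plaintext HTTP (no Secure attribute).

    A header SimpleCookie cannot parse is reported with its raw text, so a
    malformed cookie is never silently treated as safe.
    """
    insecure = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if not jar:
            insecure.append(f"<unparseable: {header!r}>")
            continue
        for name, morsel in jar.items():
            # An unset attribute is "" in a Morsel; a parsed Secure flag is True.
            if not morsel["secure"]:
                insecure.append(name)
    return insecure


if __name__ == "__main__":
    # Constructed sample headers: the two cases from this page plus one
    # hand-written header of the kind an application might emit.
    headers = [
        build_cookie("sample", "sample_value", secure=False),  # noncompliant
        build_cookie("sample", "sample_value", secure=True),   # compliant
        "session=abc123; Path=/; HttpOnly",                    # no Secure
    ]
    print(find_insecure_cookies(headers))  # ['sample', 'session']
```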