Documentation - V-222576

V-222576

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must set the secure flag on session cookies.

Description

<VulnDiscussion>Many web development frameworks such as PHP, .NET, ASP as well as application servers include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework. Setting the secure bit on session cookie ensures the session cookie is only sent via TLS/SSL HTTPS connections. This helps to ensure confidentiality as the session cookie is not able to be viewed by unauthorized parties as it transits the network. Sett...

Fix Text (Documentation Requirement)

Configure the application to ensure the secure flag is set on session cookies.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel