[SEC-010] Session Cookie without SameSite Attribute

Description

rengginang cookies is session cookies that used by PHP to identify the client. This cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

Severity

This bug has severity LOW

Affected Url

/auth/login

Admin message

[SEC-010] Session Cookie without SameSite Attribute

Description

Severity

Affected Url

Attachment