I have this as a vulnerability issue in McAfee scan for my website (ASP.NET with VB.Net, IIS7, SQL Server 2008)-
Missing Secure Attribute in an Encrypted Session (SSL) Cookie.
开发者_如何学JAVAWhat do i have to do to get rid of this vulnerability? please advice
its a level 1 alert, you would have to use a check in your application to determine if the request is https, and then set secure=true in the cookie.
Alternatively, you could assess if allowing this is inline with your company's policy and accept it in mcafee's panel.
精彩评论