Non-Secure Session Cookies Identified
The website software running on this server appears to be setting session cookies without the Secure flag set over HTTPS connections. This means the session identifier information in these cookies would be transmitted even over unencrypted HTTP connections, which might make them susceptible to interception and tampering.
Thank you for providing that information. Can your organization confirm that "PHPSESSID" and "default" are not session cookies but rather tracking cookies that have nothing to do with authentication to this system?
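As an added example (not code from the scanner report or the original post), the check below reproduces the finding's logic over a response's Set-Cookie headers: it parses each header, decides whether the cookie is a session identifier by name, and reports any session cookie that an HTTPS response sets without the Secure flag. The session-cookie name list and the sample headers are assumptions constructed for the example.

```python
# Audit Set-Cookie headers for session cookies missing the Secure flag.
# Added example, not the scanner's or the site's own code. SESSION_COOKIE_NAMES
# is an assumed list of names treated as session identifiers; a real audit
# would use the names the application actually issues.
from dataclasses import dataclass

SESSION_COOKIE_NAMES = {"phpsessid", "jsessionid", "asp.net_sessionid", "sessionid"}


@dataclass
class CookieInfo:
    name: str
    secure: bool
    httponly: bool
    is_session: bool


def parse_set_cookie(header: str) -> CookieInfo:
    """Parse one Set-Cookie header value into its name and security attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; flags like Secure carry no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieInfo(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        is_session=name.lower() in SESSION_COOKIE_NAMES,
    )


def find_insecure_session_cookies(headers: list[str]) -> list[str]:
    """Return names of session cookies set without Secure.

    Without the Secure attribute the browser also sends the cookie on plain
    http:// requests to the same host, which is the exposure the finding describes.
    """
    return [c.name for c in map(parse_set_cookie, headers) if c.is_session and not c.secure]


# Constructed sample headers of the kind a scanner would observe on an HTTPS response.
SAMPLE_HEADERS = [
    "PHPSESSID=EXAMPLE-SESSION-ID; Path=/; HttpOnly",
    "default=en_US; Path=/; Max-Age=31536000",
    "JSESSIONID=EXAMPLE-SESSION-ID; Path=/app; Secure; HttpOnly",
]

if __name__ == "__main__":
    for name in find_insecure_session_cookies(SAMPLE_HEADERS):
        print(f"session cookie {name!r} is set without the Secure flag")
```

In the sample, only PHPSESSID is reported: "default" is not in the session-name list, which mirrors the distinction the vendor asks the organization to confirm. For PHP the corresponding remediation is `session.cookie_secure = 1` (and `session.cookie_httponly = 1`) in php.ini.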